• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 703
  • Last Modified:

Cisco ASA5510 and content filtering (antivirus)


Can the Cisco ASA5510 support somekind of traffic filtering like the Checkpoint and eSafe with CVP ???
I am aware of the Content Security Edition but is there another alternative ??
I know that some products like Fortigate can be used in transparent mode but that would filter the traffic of only one of the interface of my ASA5510.  I am looking for something that would filter all the internal interfaces of my CiscoASA5510 (3)

  • 2
1 Solution
Right here:

I've used it....   Its acceptable albeit lacks a lot of the fine-tuning you'd expect from such a product.  

This what you had in mind?
fox54Author Commented:
That's what i don't want to use for the reasons you mentionned.

Is there another solution ?
In the past I've also used eSafe.   It's also an acceptable choice, but you are limited to the speed of the hardware on which it's deployed.  Which, for most small businesses, is acceptable.  We started to see issues when inline on a 6 mb circuit with 290 users.     But it served it's purpose up to that point very well.  

After the esafe I looked at the Cisco solution above and the Fortigate solution.  

Fortigate offers products with multiple interfaces that (as I was told by sales) cold be configured to provide multiple paths to the same device.  Essentially you would need 6 configurable ports (an in and out for inline scrubbing) to support the 3 ASA ports.      The catch here is that it was really expensive.   IIRC, fortigate charges were scaled based on number of connections and the total throughput.     I don't know if they changed in the last year, but the cost is why I went with the cisco product instead.    

I would imagine that most other solutions also would be inline only (Like esafe).   However, for most purposes, one would only want to scrub the traffic coming in from the public internet.   I was forced to scrub all interfaces for adherence to federal regulations covering the line of business.    Unless its a definite need, a single scrubber on the outside interface mixed with a decent IDS on the inside would be very secure IMHO.     Have you considered that type of solution?
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Become an IT Security Management Expert

In today’s fast-paced, digitally transformed world of business, the need to protect network data and ensure cloud privacy has never been greater. With a B.S. in Network Operations and Security, you can get the credentials it takes to become an IT security management expert.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now