Content Filtering on the ASA5510
I have a customer who is currently using a Pix 506E. Since this device is reaching its end-of-life I am going to replace this Pix with an ASA5510. This client wants Content Filtering to be a feature on the new firewall. They want to be able to block streaming media, nudity, social networking sites, etc. What kind of license or module must I use on the ASA to allowing me to do content filtering as well on this ASA. I was reading about the Content Security and Control Security Services Module below: Seems expensive.
http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/ps6823/product_data_sheet0900aecd80402e4f_ps6120_Products_Data_Sheet.html
Is there other ways to do this besides purchasing the module like maybe websense? is there a special license needed for it? Thanks
http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/ps6823/product_data_sheet0900aecd80402e4f_ps6120_Products_Data_Sheet.html
Is there other ways to do this besides purchasing the module like maybe websense? is there a special license needed for it? Thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I am looking into the CSC-SSM-10. I have been able to find pricing on this module, but I have been unable to find out how much the yearly subscription costs. Can anyone point me to a link that shows the yearly subscription costs?
Also, this client wants a pair of 5510s configured on Active/Standby. Does the CSC-SSM support an active/stanby configuration. I know I would have to buy a second CSC-SSM-10 for the standby ASA and probably a subscription for this as well.
So in the end my client wants to be able to do everything that the pix did for them, which is NAT/PAT, ACL, VPN, etc, as well as add a module for content filtering, and have an Active/Standby configuration for redundancy. The ASA5510s with the CSC module should accomplish this right?
Also, this client wants a pair of 5510s configured on Active/Standby. Does the CSC-SSM support an active/stanby configuration. I know I would have to buy a second CSC-SSM-10 for the standby ASA and probably a subscription for this as well.
So in the end my client wants to be able to do everything that the pix did for them, which is NAT/PAT, ACL, VPN, etc, as well as add a module for content filtering, and have an Active/Standby configuration for redundancy. The ASA5510s with the CSC module should accomplish this right?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks.
The license you get depends on how many users are behind it.
CSC-SSM-10 comes with 50 Users But can handle: • 100 Users, 250 Users, 500 Users with additional licensing.
Plus license: Adds anti-spam, anti-phishing, URL blocking/filtering and content control
CSC-SSM-20 comes with 500 Users But can handle: 500 Users, 750 Users, 1000 Users with additional licensing.
Obviously, the SSM-20 has better performance.