Link to home
Create AccountLog in
Avatar of denver218
denver218Flag for United States of America

asked on

Content Filtering on the ASA5510

I have a customer who is currently using a Pix 506E.  Since this device is reaching its end-of-life I am going to replace this Pix with an ASA5510.  This client wants Content Filtering to be a feature on the new firewall.  They want to be able to block streaming media, nudity, social networking sites, etc.  What kind of license or module must I use on the ASA to allowing me to do content filtering as well on this ASA.  I was reading about the Content Security and Control Security Services Module below:  Seems expensive.
http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/ps6823/product_data_sheet0900aecd80402e4f_ps6120_Products_Data_Sheet.html

Is there other ways to do this besides purchasing the module like maybe websense?  is there a special license needed for it?  Thanks
Avatar of jjmartineziii
jjmartineziii
Flag of United States of America image

Web sense works really well with the ASA. I could go that route over the SSM if you can afford it.

The license you get depends on how many users are behind it.

CSC-SSM-10 comes with 50 Users But can handle: • 100 Users, 250 Users, 500 Users with additional licensing.
Plus license: Adds anti-spam, anti-phishing, URL blocking/filtering and content control
CSC-SSM-20 comes with 500 Users But can handle: 500 Users, 750 Users, 1000 Users  with additional licensing.

Obviously, the SSM-20 has better performance.
ASKER CERTIFIED SOLUTION
Avatar of Mystique_87
Mystique_87

Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
See answer
Avatar of denver218

ASKER

I am looking into the CSC-SSM-10.  I have been able to find pricing on this module, but I have been unable to find out how much the yearly subscription costs.  Can anyone point me to a link that shows the yearly subscription costs?

Also, this client wants a pair of 5510s configured on Active/Standby.  Does the CSC-SSM support an active/stanby configuration.  I know I would have to buy a second CSC-SSM-10 for the standby ASA and probably a subscription for this as well.  

So in the end my client wants to be able to do everything that the pix did for them, which is NAT/PAT, ACL, VPN, etc, as well as add a module for content filtering, and have an Active/Standby configuration for redundancy.  The ASA5510s with the CSC module should accomplish this right?
SOLUTION
Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
Thanks.