denver218
asked on
Content Filtering on the ASA5510
I have a customer who is currently using a Pix 506E. Since this device is reaching its end-of-life I am going to replace this Pix with an ASA5510. This client wants Content Filtering to be a feature on the new firewall. They want to be able to block streaming media, nudity, social networking sites, etc. What kind of license or module must I use on the ASA to allowing me to do content filtering as well on this ASA. I was reading about the Content Security and Control Security Services Module below: Seems expensive.
http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/ps6823/product_data_sheet0900aecd80402e4f_ps6120_Products_Data_Sheet.html
Is there other ways to do this besides purchasing the module like maybe websense? is there a special license needed for it? Thanks
http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/ps6823/product_data_sheet0900aecd80402e4f_ps6120_Products_Data_Sheet.html
Is there other ways to do this besides purchasing the module like maybe websense? is there a special license needed for it? Thanks
ASKER CERTIFIED SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
ASKER
I am looking into the CSC-SSM-10. I have been able to find pricing on this module, but I have been unable to find out how much the yearly subscription costs. Can anyone point me to a link that shows the yearly subscription costs?
Also, this client wants a pair of 5510s configured on Active/Standby. Does the CSC-SSM support an active/stanby configuration. I know I would have to buy a second CSC-SSM-10 for the standby ASA and probably a subscription for this as well.
So in the end my client wants to be able to do everything that the pix did for them, which is NAT/PAT, ACL, VPN, etc, as well as add a module for content filtering, and have an Active/Standby configuration for redundancy. The ASA5510s with the CSC module should accomplish this right?
Also, this client wants a pair of 5510s configured on Active/Standby. Does the CSC-SSM support an active/stanby configuration. I know I would have to buy a second CSC-SSM-10 for the standby ASA and probably a subscription for this as well.
So in the end my client wants to be able to do everything that the pix did for them, which is NAT/PAT, ACL, VPN, etc, as well as add a module for content filtering, and have an Active/Standby configuration for redundancy. The ASA5510s with the CSC module should accomplish this right?
SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
ASKER
Thanks.
The license you get depends on how many users are behind it.
CSC-SSM-10 comes with 50 Users But can handle: • 100 Users, 250 Users, 500 Users with additional licensing.
Plus license: Adds anti-spam, anti-phishing, URL blocking/filtering and content control
CSC-SSM-20 comes with 500 Users But can handle: 500 Users, 750 Users, 1000 Users with additional licensing.
Obviously, the SSM-20 has better performance.