So not too long ago Cisco finally integrated a solution in to their ASA's which would allow for web security. At the moment, this post is only concerned with the URL filtering portion. It has been a long time running that when a customer compares firewalls (usually the smaller customers), they know they want the basic features of a firewall such as ACL's, NAT, VPN, but many wanted that one additional feature that Cisco couldn't seem to do within an SMB customer's budget: Web Filtering. Now the X series of ASA's can do this via minimal hardware and licensing (and not using a CSC which I've found to be very unreliable in my experience).
My problem is that I do not have one of these firewalls to play with, and I don't want to use any of my customers' networks as a playground unless they were to ask me specifically.
Has anyone used the ASA CX for url filtering? How was your experience on the configuration side, user experience side, and troubleshooting side of things? Do you know how it compares to products like Websense/Fortigate/Sonicwall/Palo Alto/etc.?
I do realize that each product has numerous feature differences that make the products unique, but I tend to have customers with a common goal: simple url filtering based on category/reputation that must be dynamically updated without administrator intervention. Policies based on user identity would be a bonus to some of my customers, but in many cases they only needed an ability to whitelist certain machines from having the filter apply.
Please don't respond if you don't have actual experience with the product as I can search Google for this as well, but would like to hear from anyone that might have recently had experience since most things I've found online so far date back much closer to the launch of the product and many features/bugs may have changed.