?
Solved

Cisco ASA CX versus Websense

Posted on 2013-06-20
2
Medium Priority
?
2,633 Views
Last Modified: 2016-03-23
So not too long ago Cisco finally integrated a solution in to their ASA's which would allow for web security. At the moment, this post is only concerned with the URL filtering portion. It has been a long time running that when a customer compares firewalls (usually the smaller customers), they know they want the basic features of a firewall such as ACL's, NAT, VPN, but many wanted that one additional feature that Cisco couldn't seem to do within an SMB customer's budget: Web Filtering. Now the X series of ASA's can do this via minimal hardware and licensing (and not using a CSC which I've found to be very unreliable in my experience).

My problem is that I do not have one of these firewalls to play with, and I don't want to use any of my customers' networks as a playground unless they were to ask me specifically.

Has anyone used the ASA CX for url filtering? How was your experience on the configuration side, user experience side, and troubleshooting side of things? Do you know how it compares to products like Websense/Fortigate/Sonicwall/Palo Alto/etc.?

I do realize that each product has numerous feature differences that make the products unique, but I tend to have customers with a common goal: simple url filtering based on category/reputation that must be dynamically updated without administrator intervention. Policies based on user identity would be a bonus to some of my customers, but in many cases they only needed an ability to whitelist certain machines from having the filter apply.

Please don't respond if you don't have actual experience with the product as I can search Google for this as well, but would like to hear from anyone that might have recently had experience since most things I've found online so far date back much closer to the launch of the product and many features/bugs may have changed.
0
Comment
Question by:rauenpc
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 64

Accepted Solution

by:
btan earned 2000 total points
ID: 39265774
where i coming from is hopefully not another NGFW hype - All in one hype or even to be compared to UTM. Ppl will consider CX only if they already has Cisco in them and upgrade looks more feasible to to get budget for upgrade or refresh rather than try out another new technology - who is the incubment for URL filtering - I will ask instead for choice - why did you even consider one - Actually Bluecoat may be also considered with it recent acquisition of Solera (doing n/w forensic), they are into DPI ...

but instead of looking at capability, look at your business objectives.
-Can they handle SSL traffic not compromising performance and slowering the transaction
-Can they block specific facebook microsite but not the whole of facebook
-Can they allow scanning of traffic by offloading to my Enterprise AV (via ICAP or equ) and DLP solution
-Can it really prevent since it is not allowed to be inline (need to get approval) and if so, WCCP support or passive is effective ...doubt so
-Can it extend the feeds for cyber intelligences online or offline (that is cost and richness in the info, just look at which has the "big data" direction....)
-Can I scale up and attain high availability esp it is sitting inline breaking the SSL (inbound? and outbound?)

I do feel none may be the choice but if I really choose CX is new kid on the block and WS is a long runner ... just to keep it short... Probably Ironport is another candidate if Web security is really your concern...I see it far more than just appl aware which CX is trying to do...Oops... they are from the Cisco family :)

Probably the most important CX design consideration is today Cisco ASA 5500X can either leverage CX or IPS however not both simultaneously. Then again how comprehensive you will want .... if minimal both can do, but if comprehensive then should compared WebSense and IronPort WSA
0
 

Expert Comment

by:chescotech
ID: 40325188
We have been using the Cisco ASA 5555-x and ASA 5512-X with Prime security manager for 5 months.
It crashes constantly and code upgrades have been a nightmare, with every upgrade there is a new set of problems! Do not buy this product!It is a piece of garbage!

We have been working with CiSCo TAC through out the whole ordeal and the issues persist.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A look at what happened in the Verizon cloud breach.
Check out the latest tech news, community articles, and expert highlights in August's newsletter.
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
Suggested Courses
Course of the Month11 days, 17 hours left to enroll

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question