Is a CSC module required to use Smartfilter with an ASA 5510?

Answered Question
Feb 16th, 2008

We have been using a PIX 515E and an external Smartfilter server for URL filtering for many years. Works well but we would like to add IDS capability. The way to go for that seems to be to get a ASA 5510 with AIP module. Can anyone confirm whether we can continue to use the URL FILTER command (with Smartfilter specifed as the vendor and pointed at the IP address of the Smarfilter server) as we are doing on the PIX? Cisco sales tells me that I need a CSC module to do this which means I can't have an AIP module but the way I read it that appears to be only if you are using the CSC's URL database (user count subscription) to do the filtering. We don't want to. We have 3 years left on our Smartfilter contract. I just talked to someone who owns an ASA 5510 without a CSC module and he sucessfully entered a URL FILTER command in his ASA just like you would on a PIX. Why wouldn't that work?

I have this problem too.
0 votes
Correct Answer by abinjola about 8 years 9 months ago

for URL filtering, NO, you don't need any kind of license, its not a licensed feature set, its rather a configuration feature

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
abinjola Sat, 02/16/2008 - 17:13

Definitely you can continue to use smartfilter with your ASA 5510

You can simplify configuration and improve security appliance performance by using a separate server running one of the following Internet filtering products:

•Websense Enterprise for filtering HTTP, HTTPS, and FTP.

•Secure Computing SmartFilter (formerly N2H2) for filtering HTTP, HTTPS, FTP, and long URL filtering.

http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/filter.html#wp1045692

for IPS/IDS funcionalities you may add AIP-SSM/CSC module

eddmaendel Sun, 02/17/2008 - 13:35

OK, I understand from your answer that I don't need any hardware modules in order to use an external server such as SmartFilter or Websense to do URL Filtering. Do I need the Security Plus license?

Correct Answer
abinjola Sun, 02/17/2008 - 16:51

for URL filtering, NO, you don't need any kind of license, its not a licensed feature set, its rather a configuration feature

Fraser Reid Mon, 02/18/2008 - 05:27

Security plus licence is good if you want t0 run redundant 5510 firewalls and have more thruput. thats it.

Actions

This Discussion