Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3914
Views
0
Helpful
4
Replies

WSA vs bluecoat

Bart_ironport
Level 1
Level 1

‎05-04-2008 10:55 AM

Around here its about time for another WSA vs BlueCoat battle and I need some ammo ;)

I'll get the usual docs through our SEs and arrange for another eval box to play with, but I was looking for some feedback from people who actually used this device in production.

We"re looking at a redundant setup, two devices with an identical config (aside from ip addressing and such) which each should be able to handle the full load. BC has an advantage here because they have virtual ips that can move from one box to the other. Luckily in our first project that won't be a problem because we already have load balancers in place that can perform this task. But how do you keep the device configurations in sync? BC has a small tool available for partners that does just this (specify the source and a number of targets, and it syncs the full configuration). Is there something similar for the WSA or do you do all this manually?

BC policies are very powerful, sometimes required but often to complex. I know from the previous test that we can transfer about 95% of the policy to the WSA, which is sufficient. The WSA policy was easier to interpret for the admins than that of the BC so that was a plus, but it also left me with some concerns. What if we need to do something like disable authentication for useragent X when accessing site Y, or more complex rules that can't be done in the GUI? Do you often run into problems like this?
Lets just say having something like the messagefilters of the c-series available - even if its just in case - would make me feel better.

Any other pros / cons you might have, are welcome. I don't expect the WSA will completely replace BC any time soon - a lot more features will need to be implemented first. But i have a couple more customers in mind where the WSA may be a better choice.

Labels:
0 Helpful
4 Replies 4

jowolfer
Level 1
Level 1

‎05-19-2008 11:55 PM 

BC has a small tool available for partners that does just this (specify the source and a number of targets, and it syncs the full configuration). Is there something similar for the WSA or do you do all this manually?


The IronPort M-series is an appliance that is used for syncing the configuration files. 

What if we need to do something like disable authentication for useragent X when accessing site Y, or more complex rules that can't be done in the GUI?


Disabling authentication for a user-agent for a specific site(s) is easily possible in the Maui release (5.6). This version is currently in Beta.

The WSAs GUI is powerful enough to handle all of the policies. There may not be 100% flexibility, as there is with the Blue Coats, but the WSA Maui release should cover all of your needs. 

Any other pros / cons you might have, are welcome.


The WSA Maui release has many improvements that make it easier to use over the Blue Coats. The GUI itself is much more powerful. A new GUI packet capture is available in the GUI. The policy trace on the WSA can run a test in real time, whereas the Blue Coat policy trace is written to a log that will have to be pulled and analyzed.

These are some of the areas where we excel.

0 Helpful

jowolfer
Level 1
Level 1

‎05-19-2008 11:57 PM

Also,

Inquiries regarding the WSA are best written in the "Web Security" forum. There are many users who actively read and write articles and you will receice more exposure for your questions.

0 Helpful

conauman
Cisco Employee
Cisco Employee

‎05-20-2008 02:55 PM 

Also,

Inquiries regarding the WSA are best written in the "Web Security" forum. There are many users who actively read and write articles and you will receice more exposure for your questions.


Hi Josh,

I moved it to the Lounge as it was less of a technical question about WSA - so it was originally in WSA. :lol: So, he had it right - my mistake!

Cheers,

Cordelia

0 Helpful

conauman
Cisco Employee
Cisco Employee

‎05-21-2008 05:03 PM 

Also,

Inquiries regarding the WSA are best written in the "Web Security" forum. There are many users who actively read and write articles and you will receice more exposure for your questions.


Hi Josh,

I moved it to the Lounge as it was less of a technical question about WSA - so it was originally in WSA.  :lol: So, he had it right - my mistake!

Cheers,

Cordelia


Moved back to WSA forum.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents