Websense & Botnet for ASA5505?

Answered Question
Nov 16th, 2009

Hello All,

I just purchased my ASA5505 and I am now debating if I should purchase a Websense and/or Botnet license.

I was curious if anyone else has any experience with these items? And if so, could you provide any feedback (positive or negative)?

I'm not sure if I should go with just one or the other, or if I need both products? Do they really tax the 5505 itself? Is there a noticeable difference in speed accessing websites?

Any help or suggestions you can provide is greatly appreciated, thank you!

Lastly, what about the IPS add-on. Is it worth the 1200 dollars to get this module? If I bought the module would I even need the Websense or Botnet licenses?

-- Phil

I have this problem too.
0 votes
Correct Answer by Panos Kampanakis about 7 years 3 weeks ago

Botnet is a feature that identifies botnet traffic that is going out and alerts you. Later on there will be functionality to block that traffic.

The IPS sits inline and monitors the traffic. If it sees something that looks illegit it will alert or block it, depending on what you want. The IPS could or could not catch bothnet traffic depending on the pattern the botnet is using.

Webeense is a feature that has the ASA redirect traffic the websense server and websense decides what to do with the traffic, allow the page or block it.

So, usually the botnet and IPS are related, the IPS does more than the botnet but botnet captures compromised computers by checking on the destination that they are contacting whereas the IPS checks the traffic patterns.

Websense is different and is used for url filtering.

It all depends on your needs.

As for performance, in general there is no noticeable performance degradation with the features for most networks.

I hope it helps.

PK

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
Panos Kampanakis Tue, 11/17/2009 - 07:02

Botnet is a feature that identifies botnet traffic that is going out and alerts you. Later on there will be functionality to block that traffic.

The IPS sits inline and monitors the traffic. If it sees something that looks illegit it will alert or block it, depending on what you want. The IPS could or could not catch bothnet traffic depending on the pattern the botnet is using.

Webeense is a feature that has the ASA redirect traffic the websense server and websense decides what to do with the traffic, allow the page or block it.

So, usually the botnet and IPS are related, the IPS does more than the botnet but botnet captures compromised computers by checking on the destination that they are contacting whereas the IPS checks the traffic patterns.

Websense is different and is used for url filtering.

It all depends on your needs.

As for performance, in general there is no noticeable performance degradation with the features for most networks.

I hope it helps.

PK

Actions

This Discussion