Need a url filtering solution advice (ASA5520 - ASA-SSM-10)

Unanswered Question
Aug 17th, 2011

Hi,

I am trying to find the best url filtering solution for our network.

We have a ASA5520 with an ASA-SSM-10 module connected to a 30mb DIA. We are trying to cut access to a number of web sites.

The experience I've had in the past when enabled the url filtering on one of our 7204 routers was no good. I remembered in and out traffic really slowed down because of this (I can't remembering if the inspection was taking too long or the traffic processing). I also remembered opening a TAC because of this and the answer was to disabled it and look for a Websense server solution.

I would appreciate if anyone out there with our same devices has something up and running without issues.

Please let me know what are the best options I can go with without negative side effects.

Thanks in advance.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Average Rating: 0 (0 ratings)
Deepak_Khemani Wed, 08/17/2011 - 23:47

Hi

URL Filetring on router without external server is only meant for a small list of web sites. Filtering requires lot computing power and hence italways advisable to have an external web filter  to block large number of sites. Also external filter gives u various solid reporting options whioch are not provided by router itself.

Hope this helps.

Regards

Deepak Khemani

Zeek Ferraros Thu, 08/18/2011 - 07:48

So what would be the best solution to address url filtering knowing we currently have an ASA5520 with IPS.

varrao Thu, 08/18/2011 - 09:09

Hi Zeek,

For URL filtering you can either use a CSC-SSM module or a web sense toa complish this. I agree with Deepak that having devices like these would benefit better reporting than a router and also the scalablity option.

Here is the CSC release notes:

http://www.cisco.com/en/US/partner/prod/collateral/vpndevc/ps6032/ps6094/ps6120/ps6823/product_data_sheet0900aecd80402e4f_ps6120_Products_Data_Sheet.html

This would help you in reaching a decision.

Thanks,

Varun

Ronald Nutter Thu, 08/18/2011 - 12:09

have used Smartfilter & Ironport WSA. Smart filter might be more affordable but I think you will like Ironport Web Security Appliance.

Ron

Sent from Cisco Technical Support iPad App

Actions

Login or Register to take actions

This Discussion

Posted August 17, 2011 at 2:23 PM
Stats:
Replies:10 Avg. Rating:
Views:1212 Votes:0
Shares:0
Tags: No tags.

Discussions Leaderboard

Rank Username Points
1 7,861
2 6,140
3 3,170
4 1,473
5 1,446