Need a url filtering solution advice (ASA5520 - ASA-SSM-10)

Unanswered Question
Aug 17th, 2011
User Badges:

Hi,

I am trying to find the best url filtering solution for our network.

We have a ASA5520 with an ASA-SSM-10 module connected to a 30mb DIA. We are trying to cut access to a number of web sites.

The experience I've had in the past when enabled the url filtering on one of our 7204 routers was no good. I remembered in and out traffic really slowed down because of this (I can't remembering if the inspection was taking too long or the traffic processing). I also remembered opening a TAC because of this and the answer was to disabled it and look for a Websense server solution.

I would appreciate if anyone out there with our same devices has something up and running without issues.

Please let me know what are the best options I can go with without negative side effects.

Thanks in advance.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Deepak Khemani Wed, 08/17/2011 - 23:47
User Badges:

Hi


URL Filetring on router without external server is only meant for a small list of web sites. Filtering requires lot computing power and hence italways advisable to have an external web filter  to block large number of sites. Also external filter gives u various solid reporting options whioch are not provided by router itself.


Hope this helps.


Regards

Deepak Khemani

Zeek Ferraros Thu, 08/18/2011 - 07:48
User Badges:

So what would be the best solution to address url filtering knowing we currently have an ASA5520 with IPS.

varrao Thu, 08/18/2011 - 09:09
User Badges:
  • Red, 2250 points or more

Hi Zeek,


For URL filtering you can either use a CSC-SSM module or a web sense toa complish this. I agree with Deepak that having devices like these would benefit better reporting than a router and also the scalablity option.


Here is the CSC release notes:

http://www.cisco.com/en/US/partner/prod/collateral/vpndevc/ps6032/ps6094/ps6120/ps6823/product_data_sheet0900aecd80402e4f_ps6120_Products_Data_Sheet.html


This would help you in reaching a decision.


Thanks,

Varun

varrao Thu, 08/18/2011 - 11:11
User Badges:
  • Red, 2250 points or more

No Problem

Ronald Nutter Thu, 08/18/2011 - 12:09
User Badges:

have used Smartfilter & Ironport WSA. Smart filter might be more affordable but I think you will like Ironport Web Security Appliance.


Ron


Sent from Cisco Technical Support iPad App

Actions

This Discussion