QUESTION: I know that i can do URL filtering on it using ASDM , right ? ANSWER: Yes. You can apply filtering to connection requests originating from a more secure network to a less secure network. Although you can use ACLs to prevent outbound access to specific content servers, managing usage this way is difficult because of the size and dynamic nature of the Internet. You can simplify configuration and improve security appliance performance by using a separate server running one of the following Internet filtering products:
•Websense Enterprise for filtering HTTP, HTTPS, and FTP.
•Secure Computing SmartFilter for filtering HTTP only. (Although some versions of Sentian support HTTPS, the security appliance only supports filtering HTTP with Sentian.)
For more information, please check the link below: http://www.cisco.com/c/en/us/td/docs/security/asa/asa80/asdm60/user/guide/usrguide/fltrrule.html
QUESTION: But can i and what bennefit i would have with WSE on it and can i put WSE ? maybe PID for WSE . ANSWER: Cisco WSE, which enables reputation-based web application security policies. In addition, Cisco WSE enables robust content-based URL filtering with differentiated access policies based on user, group, device, and role.
WSE, IPS on NGFW, and CWS use threat intelligence feeds from Cisco Security Intelligence Operations (SIO) for advanced web reputation analysis and near-real-time protection from zero-day threats. For more information on how SIO helps the Cisco IPS control threats in real-life production environments, visit: http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5729/ps5713/ps12156/white_paper_c11-715386.html.
The subscriptions terms are 1 year, 3 years and 5 years. It is also possible to purchase both the services together using the AVC + WSE bundle license. With a built-in discount, the bundle price is less than the price of buying these services a la carte.
ASA5515-AW3Y-PR= (ASA 5515-X CX AVC and Web Security Essentials 3Year (Promo) - USD 3,450.00 regular price is USD 5,150
ASA5515-WS1Y= (ASA 5515-X CX Web Security Essentials only 1Year) - USD 1,900
just add "L-" to the part numbers above to get the eDelivery version.
Please check the links below for your reference(s):
Cisco Application Visibility and Control http://www.cisco.com/en/US/solutions/collateral/ns1015/ns483/ns780/at_a_glance_c45-649117.pdf
Cisco ASA CX Context-Aware Security Data Sheet http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/data_sheet_c78-701659.html
QUESTION: I was reading that i can put SSD in ASA ( please PID if know ) and can i ? and then i can put WSE ( it is license or part of software and get some robust url filtering . ANSWER: If you purchase the regular ASA 5500-X without the SSD, the Web Security Essentials (WSE) that deploys the web filtering may not work or function as per the Release Notes for the Cisco ASA Series, Version 9.1(x) http://www.cisco.com/en/US/docs/security/asa/asa91/release/notes/asarn91.pdf
Since Solid state drive (SSD) is required in order to run the Application Visibility and Control (AVC) and Web Security Essentials (WSE) next-generation firewall services on the Cisco ASA 5500-X Series.
ASA5500X-SSD120= (ASA 5512-X through 5555-X 120 GB MLC SED SSD (Spare) - USD 800.00
The purpose of the SSD stores logs and any reports for traffic that is processed by these services, in addition to application signatures and a web security database that are part of these subscriptions.
QUESTION: Can someone explain me diffrenece with regular url filtering and with WSE , and process how to put SSD in asa and WSE . ANSWER: Please check the document link below: http://www.cisco.com/c/en/us/td/docs/security/asa/hw/maintenance/5500xguide/5500xhw/asa_procs.html#wp1097873
URL filtering on the base ASA is very old-style and requires you write regular expressions (regex) to match on URLs. It does not do deep packet inspection and analyze type of flows (e.g. micro applications on facebook, file transfers with in a chat session, etc). To get those sort of functions, you use Next Generation Firewall (NGFW) services on the CX module. WSE and AVC work hand in hand to provide them (and you can optionally add IPS).
To add WSE to an ASA 5500-X series you do need the SSD (or an SSP-20/40/60 in the 5585-X) plus a license for the service - it is licensed and subscription-based. The product data sheet lists several 3-year bundles for the software and there are other terms (1 year, 5 year etc.) available.
Your reseller has access to Cisco Commerce Workspace and other partner collateral so they can generate a valid bill of materials for your upgrade. That would include the required SSD (part number ASA5500X-SSD120=).
The ASA CX module might be a hardware module or a software module, depending on your ASA model. For the ASA 5512-X, 5515-X, 5525-X, 5545-X, 5555-X it's a ASA CX SSP software module that requires a Cisco solid state drive (SSD) to work.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :