Cisco ASA 5500X series with AVC and WSE experience

MooreIT01 · ‎09-30-2013

I posted this over in the Web Security but didn't get any hits, just wondering if anybody has any firsthand experience with the new ASA series with the AVC (application visibility and control) and the WSE (web security essentials). I'm looking to ditch Websene and was hoping this could be an option. Anybody got an opinion?

https://supportforums.cisco.com/message/4053191#4053191

Marvin Rhoads · ‎10-01-2013

Not quite fully baked.

We've seen some unresolved bugs in our initial deployments. One big one is CX stops forwarding traffic after some period requiring a module reset to resolve. I saw still others during lab testing. Some things cosmetic/annoying (i.e., PRSM menu items don't show up consistently using supported browser yet do show up on unsupported browser) and others functional (not being able to block specified file type content).

MooreIT01 · ‎10-02-2013

Thanks! Thats good to know! Which appliance are you using? (we're looking at the 5525X) Also, are you using the web security essentials feature?

Marvin Rhoads · ‎10-02-2013

You're welcome.

The production installation I did had both 5515-X and 5525-X sites. Yes we were using both AVC and WSE.

MooreIT01 · ‎10-02-2013

How did the WSE fair? Do you think it would be a viable replacement for Websense? There's not a built in Malware filter right?

Marvin Rhoads · ‎10-02-2013

The production installation I did used a whitelist of pre-defined allowed web sites we we didn't get to fully exercise the WSE bit.

In general, the Cisco ASA (even with ASA CX and WSE) does not compare favorably with the more full-featured next gen firewalls, 3rd party web proxies (such as Websense or others) or even Cisco's own (Ironport) WSA. Otherwise they would not have agreed to pay $2.7B for SourceFire.