Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Cisco ASA 5500X series with AVC and WSE experience

I posted this over in the Web Security but didn't get any hits, just wondering if anybody has any firsthand experience with the new ASA series with the AVC (application visibility and control) and the WSE (web security essentials).  I'm looking to ditch Websene and was hoping this could be an option.  Anybody got an opinion?

https://supportforums.cisco.com/message/4053191#4053191

5 REPLIES
Hall of Fame Super Silver

Cisco ASA 5500X series with AVC and WSE experience

Not quite fully baked.

We've seen some unresolved bugs in our initial deployments. One big one is CX stops forwarding traffic after some period requiring a module reset to resolve. I saw still others during lab testing. Some things cosmetic/annoying (i.e., PRSM menu items don't show up consistently using supported browser yet do show up on unsupported browser) and others functional (not being able to block specified file type content).

New Member

Cisco ASA 5500X series with AVC and WSE experience

Thanks!  Thats good to know!  Which appliance are you using?  (we're looking at the 5525X)  Also, are you using the web security essentials feature?

Hall of Fame Super Silver

Cisco ASA 5500X series with AVC and WSE experience

You're welcome.

The production installation I did had both 5515-X and 5525-X sites. Yes we were using both AVC and WSE.

New Member

Cisco ASA 5500X series with AVC and WSE experience

How did the WSE fair?  Do you think it would be a viable replacement for Websense?  There's not a built in Malware filter right?

Hall of Fame Super Silver

Cisco ASA 5500X series with AVC and WSE experience

The production installation I did used a whitelist of pre-defined allowed web sites we we didn't get to fully exercise the WSE bit.

In general, the Cisco ASA (even with ASA CX and WSE) does not compare favorably with the more full-featured next gen firewalls, 3rd party web proxies (such as Websense or others) or even Cisco's own (Ironport) WSA. Otherwise they would not have agreed to pay $2.7B for SourceFire.

303
Views
0
Helpful
5
Replies
CreatePlease to create content