12-05-2013 11:33 PM - edited 03-11-2019 08:13 PM
Hi
Is the ASA5500X series supports Anti virus?
If not what would be solution to have the Anti virus on the ASA5500x box.
Thanks & Regards
Lakshman Kumar S
12-06-2013 01:51 AM
No, the ASA-CX doesn't do any Anti-Virus or Malware-scanning. If you wan't to do that, the "normal" non-CX ASA together with the WSA (Web Security Appliance) would be a solution.
--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni
12-06-2013 07:50 PM
If CX is not there then how the WSA will work?.
If so then what is the difference between CX & WSA.
I am in confusion that if CX should be available on the box then only the WSA will work.
Please provide the links where I can get more details .
Thanks & Regards
Lakshman Kumar S
12-07-2013 01:12 AM
There is a session on ciscolive365 that has some slides that show the differences:
https://ciscolive365.com/connect/sessionDetail.ww?SESSION_ID=7927&backBtn=true
--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni
12-06-2013 06:49 PM
Actually the latest CX code does do Malware prevention. You could also purchase the Malware Prevention license on the regular ASA (non-CX). There are no Cisco products that do anti-virus though. Honestly an edge device should not be used for anti-virus. A/V should be directly on your hosts.
12-07-2013 01:14 AM
Have you a link for that? I'm only aware of reputation-based filtering but not on true malware-scanning. And I don't find anything on the topic.
And the WSA does Anti-Virus filtering. It has the Scan-Engine from Sophos and optionally from McAffee.
--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni
12-07-2013 08:52 AM
I don't have an official link. I upgraded to the latest CX this week and one of the new features is a malware engine. If you like I can give you a screenshot.
Lakshman- The main difference between CX and WSA is that the CX can dig deeper into a packet and see what it's doing (Facebook games, Facebook posting, Facebook videos). The CX can also inspect traffic on non-standard web ports, where as (AFAIK) WSA can only look at TCP 80 and 443.
12-07-2013 11:11 AM
Hi Karsten,
Malware protection in the Next Generation Firewall (NGFW = how Cisco is now banding the CX) is under the auspices of Web Reputation Filtering. See this section of the 9.2 user guide.
I would sort of agree with Colin in that edge-only AV protection is not very useful. A more holistic approach like what Sourcefire does with FireAMP on clients plus the firewall-side piece of that solution is actually a pretty nice approach. We can hope to see more of that technology in the Cisco-branded products going forward now that the Sourcefire acquisition has closed.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: