Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
584
Views
0
Helpful
4
Replies

Is a CSC module required to use Smartfilter with an ASA 5510?

Go to solution
eddmaendel
Level 1
Level 1

‎02-16-2008 07:59 AM - edited ‎02-21-2020 01:54 AM

We have been using a PIX 515E and an external Smartfilter server for URL filtering for many years. Works well but we would like to add IDS capability. The way to go for that seems to be to get a ASA 5510 with AIP module. Can anyone confirm whether we can continue to use the URL FILTER command (with Smartfilter specifed as the vendor and pointed at the IP address of the Smarfilter server) as we are doing on the PIX? Cisco sales tells me that I need a CSC module to do this which means I can't have an AIP module but the way I read it that appears to be only if you are using the CSC's URL database (user count subscription) to do the filtering. We don't want to. We have 3 years left on our Smartfilter contract. I just talked to someone who owns an ASA 5510 without a CSC module and he sucessfully entered a URL FILTER command in his ASA just like you would on a PIX. Why wouldn't that work?

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
abinjola
Cisco Employee
Cisco Employee
In response to eddmaendel

‎02-17-2008 04:51 PM

for URL filtering, NO, you don't need any kind of license, its not a licensed feature set, its rather a configuration feature

View solution in original post

0 Helpful
4 Replies 4

Go to solution
abinjola
Cisco Employee
Cisco Employee

‎02-16-2008 05:13 PM

Definitely you can continue to use smartfilter with your ASA 5510

You can simplify configuration and improve security appliance performance by using a separate server running one of the following Internet filtering products:

•Websense Enterprise for filtering HTTP, HTTPS, and FTP.

•Secure Computing SmartFilter (formerly N2H2) for filtering HTTP, HTTPS, FTP, and long URL filtering.

http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/filter.html#wp1045692

for IPS/IDS funcionalities you may add AIP-SSM/CSC module

0 Helpful

Go to solution
eddmaendel
Level 1
Level 1
In response to abinjola

‎02-17-2008 01:35 PM

OK, I understand from your answer that I don't need any hardware modules in order to use an external server such as SmartFilter or Websense to do URL Filtering. Do I need the Security Plus license?

0 Helpful

Go to solution
abinjola
Cisco Employee
Cisco Employee
In response to eddmaendel

‎02-17-2008 04:51 PM

for URL filtering, NO, you don't need any kind of license, its not a licensed feature set, its rather a configuration feature

0 Helpful

Go to solution
Fraser Reid
Level 1
Level 1
In response to abinjola

‎02-18-2008 05:27 AM

Security plus licence is good if you want t0 run redundant 5510 firewalls and have more thruput. thats it.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card