02-16-2008 07:59 AM - edited 02-21-2020 01:54 AM
We have been using a PIX 515E and an external Smartfilter server for URL filtering for many years. Works well but we would like to add IDS capability. The way to go for that seems to be to get an ASA 5510 with AIP module. Can anyone confirm whether we can continue to use the URL FILTER command (with Smartfilter specified as the vendor and pointed at the IP address of the Smartfilter server) as we are doing on the PIX? Cisco sales tells me that I need a CSC module to do this, which means I can't have an AIP module, but the way I read it that appears to be only if you are using the CSC's URL database (user count subscription) to do the filtering. We don't want to. We have 3 years left on our Smartfilter contract. I just talked to someone who owns an ASA 5510 without a CSC module and he successfully entered a URL FILTER command in his ASA just like you would on a PIX. Why wouldn't that work?
02-16-2008 05:13 PM
Definitely you can continue to use smartfilter with your ASA 5510
You can simplify configuration and improve security appliance performance by using a separate server running one of the following Internet filtering products:
• Websense Enterprise for filtering HTTP, HTTPS, and FTP.
• Secure Computing SmartFilter (formerly N2H2) for filtering HTTP, HTTPS, FTP, and long URL filtering.
http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/filter.html#wp1045692
For IPS/IDS functionalities you may add an AIP-SSM/CSC module.
02-17-2008 01:35 PM
OK, I understand from your answer that I don't need any hardware modules in order to use an external server such as SmartFilter or Websense to do URL Filtering. Do I need the Security Plus license?
02-17-2008 04:51 PM
For URL filtering, NO, you don't need any kind of license. It's not a licensed feature set; it's rather a configuration feature.
02-18-2008 05:27 AM
Security plus licence is good if you want to run redundant 5510 firewalls and have more throughput. That's it.