https://community.cisco.com/t5/network-security/cisco-asa-firewall-and-cisco-scansafe-web-url-content-security/m-p/1840425#M456369 <P>I have a requirements to provide wireless access for visitors who visit the companies for a few days.&nbsp; These guest users will be able to browse the Internet and VPN back into their corporate securely with their own laptops, Ipad, etc...</P><P></P><P>One of the requirements is that I need to be able to control ther Internet usage and make sure whatever they download can be safely scanned through a cloud service from Cisco called scansafe.&nbsp; I am thinking of using Cisco ASA firewalls to accomplish this task.&nbsp; </P><P></P><P>I am getting conflicting information.&nbsp; According to this documentation, Cisco ASA and scansafe only works for http but not https:&nbsp; </P><P><A class="jive-link-external-small" href="http://www.novanet.se/ScanSafe_ASA_WiFi_Config.pdf" target="_blank">http://www.novanet.se/ScanSafe_ASA_WiFi_Config.pdf</A></P><P></P><P>However, another documentation states that Cisco IOS routers and scansafe work with both http and https:&nbsp; </P><P><A class="jive-link-external-small" href="http://www.networkworld.com/community/blog/tutorial-cisco-routers-add-web-security-cisco" target="_blank">http://www.networkworld.com/community/blog/tutorial-cisco-routers-add-web-security-cisco</A></P><P></P><P>does it mean that by choosing to go with ASA, http(s) will not be available with scansafe?</P><P></P><P>Thanks,</P> Mon, 11 Mar 2019 22:17:35 GMT david.tran 2019-03-11T22:17:35Z https://community.cisco.com/t5/network-security/cisco-asa-firewall-and-cisco-scansafe-web-url-content-security/m-p/1840425#M456369 <P>I have a requirements to provide wireless access for visitors who visit the companies for a few days.&nbsp; These guest users will be able to browse the Internet and VPN back into their corporate securely with their own laptops, Ipad, etc...</P><P></P><P>One of the requirements is that I need to be able to control ther Internet usage and make sure whatever they download can be safely scanned through a cloud service from Cisco called scansafe.&nbsp; I am thinking of using Cisco ASA firewalls to accomplish this task.&nbsp; </P><P></P><P>I am getting conflicting information.&nbsp; According to this documentation, Cisco ASA and scansafe only works for http but not https:&nbsp; </P><P><A class="jive-link-external-small" href="http://www.novanet.se/ScanSafe_ASA_WiFi_Config.pdf" target="_blank">http://www.novanet.se/ScanSafe_ASA_WiFi_Config.pdf</A></P><P></P><P>However, another documentation states that Cisco IOS routers and scansafe work with both http and https:&nbsp; </P><P><A class="jive-link-external-small" href="http://www.networkworld.com/community/blog/tutorial-cisco-routers-add-web-security-cisco" target="_blank">http://www.networkworld.com/community/blog/tutorial-cisco-routers-add-web-security-cisco</A></P><P></P><P>does it mean that by choosing to go with ASA, http(s) will not be available with scansafe?</P><P></P><P>Thanks,</P> Mon, 11 Mar 2019 22:17:35 GMT https://community.cisco.com/t5/network-security/cisco-asa-firewall-and-cisco-scansafe-web-url-content-security/m-p/1840425#M456369 david.tran 2019-03-11T22:17:35Z https://community.cisco.com/t5/network-security/cisco-asa-firewall-and-cisco-scansafe-web-url-content-security/m-p/1840426#M456371 <HTML><HEAD></HEAD><BODY><P>To use scansafe with https you need to be able to terminate and proxy and re-establish the clients' https requests.&nbsp; That's a bit beyond the scope of capability of the ASA and requires you implement a full proxy like the Ironport WSA (or a Bluecoat Proxy SG) as the WCCP destination..</P><P></P><P>Note<A href="http://www.cisco.com/en/US/docs/security/web_security/scancenter/sc5200/WSAAP.html"> this Cisco document</A> which states:</P><P></P><P style="padding-left: 30px;"><EM>HTTPS forwarding is not supported in this configuration.</EM></P></BODY></HTML> Tue, 24 Jan 2012 04:12:13 GMT https://community.cisco.com/t5/network-security/cisco-asa-firewall-and-cisco-scansafe-web-url-content-security/m-p/1840426#M456371 Marvin Rhoads 2012-01-24T04:12:13Z https://community.cisco.com/t5/network-security/cisco-asa-firewall-and-cisco-scansafe-web-url-content-security/m-p/1840427#M456373 <HTML><HEAD></HEAD><BODY><P>This may have been true previously however with the release of ASA version 9.0 there are direct integrations for ScanSafe.</P><P></P><TABLE border="1" cellpadding="3" cellspacing="0" id="wp103309table103304" width="80%"><TBODY><TR align="left" valign="top"><TD><P> Cisco Cloud Web Security (ScanSafe) </P></TD><TD><A name="wp103340"></A><P> Cisco Cloud Web Security provides content scanning and other malware&nbsp; protection service for web traffic. It can also redirect and report&nbsp; about web traffic based on user identity. </P><A name="wp103341"></A><P> <STRONG>Note </STRONG><IMG border="0" height="2" src="http://www.cisco.com/en/US/i/templates/blank.gif" width="1" />Clientless&nbsp; SSL VPN is not supported with Cloud Web Security; be sure to exempt any&nbsp; clientless SSL VPN traffic from the ASA service policy for Cloud Web&nbsp; Security. </P></TD></TR></TBODY></TABLE><P></P><P><A class="jive-link-external-small" href="http://www.cisco.com/en/US/docs/security/asa/roadmap/asa_new_features.html#wp93103">http://www.cisco.com/en/US/docs/security/asa/roadmap/asa_new_features.html#wp93103</A></P></BODY></HTML> Tue, 30 Oct 2012 18:41:27 GMT https://community.cisco.com/t5/network-security/cisco-asa-firewall-and-cisco-scansafe-web-url-content-security/m-p/1840427#M456373 jbollinger 2012-10-30T18:41:27Z https://community.cisco.com/t5/network-security/cisco-asa-firewall-and-cisco-scansafe-web-url-content-security/m-p/1840428#M456374 <HTML><HEAD></HEAD><BODY><P>Indeed that is one of the several advantages of ASA 9.0.</P></BODY></HTML> Tue, 30 Oct 2012 18:43:35 GMT https://community.cisco.com/t5/network-security/cisco-asa-firewall-and-cisco-scansafe-web-url-content-security/m-p/1840428#M456374 Marvin Rhoads 2012-10-30T18:43:35Z