topic scansafe via ASA in Network Security

scansafe via ASA

lcaruso — Mon, 11 Mar 2019 22:15:45 GMT

Hello,

I had heard scansafe scanning was being added to the ASA. Is that currently available? Any links are appreciated.

Thanks.

scansafe via ASA

Marvin Rhoads — Tue, 17 Jan 2012 17:36:32 GMT

Yes, the ASA (8.3/8.4) can be configured to port forward to Scansafe Cloud. You use the AnyConnect Profile Editor in ASDM to configure the Scansafe scanning proxies. (You will need to be using AnyConnect 3.0 clients.)

scansafe via ASA

lcaruso — Tue, 17 Jan 2012 17:41:46 GMT

Thanks. So it is only for remote access clients (not for internal clients behind the ASA)?

scansafe via ASA

Marvin Rhoads — Tue, 17 Jan 2012 18:02:54 GMT

Kind of.

Whether for secure mobility clients (AnyConnect) or internal clients the ASA itself just acts as an intercept point for traffic that your policy has chosen to be proxied by Scansafe. (This could be hardware such as an Ironport WSA or the cloud-based SaaS scansafe service.) The ASA is set up using WCCP to redirect interesting traffic to the WSA or ScanSafe proxy for inspection and action.

I'm sure your account team or reseller would be happy to give you an overview or demo.