Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Firewalls Community


ASA 5515-X - Content Security Options?

Our requirement with that appliance is to do URL blocking and filtering.

Ive read that this cannot be done with that appliance, see below. Are ther any other options we can consider or is it SaaS only. Would have prefered Trend Micro, but don't this is possible with this appliance.

Q. Will content security be offered on the Cisco ASA 5500-X Series?

A. At this time, content security services are not supported on the Cisco  ASA 5500-X Series appliances. However, the ASA 5500-X Series Cisco Cloud  Web Security ready. Cisco Cloud Web Security provides content security  as a cloud-based software as a service (SaaS).

Cisco Employee

Re: ASA 5515-X - Content Security Options?

That ASA support WCCP as a method to redirect traffic to WCCP server like Cisco WSA.

Cisco WSA has a huge capabilities regarding URL blocking and filtering - it's better (and newer) solution than CSC module (Trend Micro) inside ASA.

This solutions can be totally transparent to the users.

If you do not want to purchase WSA hardware you can buy cloud service and the your anyconnect client will pass all traffic thru web service (where specific policies could be applied with AD user granurality).

This solution is not transparent to the users because it requires Anyconnect.

The other option for a "Saas" model is to use ASA9 which has integrated service for cloud security (Cisco Cloud Web Security) and Cisco Security Intelligence Operations (SIO) - and then it's again transparent to the user.

So - there are many possible solutions depending on your needs, ASA 5515-X supports everything you might need




ASA 5515-X - Content Security Options?

Dear Michal,

In the Newer Cisco ASA5500X can we use both IPS and Content security simultaneously.

Cisco Employee

ASA 5515-X - Content Security Options?


Not today. Each of IPS and Content require a dedicated SSP today. Having both is on the short term road map




Antivirus and IPS are supported now?



Cisco Employee

As Michal stated, you can

As Michal stated, you can redirect web traffic via WCCP to WSA or via ASA Cloud Connector settings to CWS for advanced web filtering, including URL categorization and one or more AV engines.

The ASA is able to perform both FirePower IPS inspection and redirection to a proxy inspection solution using 2 contexts. Effectively, making the system 2 ASAs in a row.

Make sense?

CreatePlease to create content
Content for Community-Ad
FusionCharts will render here