
AIP SSM and CSC SSM

kamranrafiq
Level 1

I am going through the CCNP SEC. I just got these two things in front of me. Can anybody please specify the work of and difference between AIP SSM and CSC SSM?

Thanks in advance.


Jennifer Halim
Cisco Employee

AIP SSM - is the IPS module available on the ASA firewall. It provides intrusion prevention services for malicious traffic going through the module. This is targeted at all network traffic in general.

More info on AIP-SSM:

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/ps6825/product_data_sheet0900aecd80404916_ps6120_Products_Data_Sheet.html

CSC SSM - provides antivirus, anti-spyware, anti-spam, anti-phishing, URL filtering, etc. capabilities for HTTP, SMTP and FTP traffic.

More info on CSC-SSM:

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/ps6823/product_data_sheet0900aecd80402e4f_ps6120_Products_Data_Sheet.html

Hope this helps.

Hmm - we have "always" been using the AIP module in our ASAs and had Websense for URL filtering, but I can see that Cisco claims that the CSC blade can also be used for web filtering. I know this is a stupid question to ask, but how easy is this to administer? Could one, for example, define a virtual sensor #2 which would deny social networks?

Yes, CSC module is similar to Websense.

The CSC module can be configured to integrate with Active Directory, and you can configure different user groups with different URL filtering policies.

You can, however, only have 1 module per ASA, and you can't have both the AIP and CSC modules as there is only 1 slot on the ASA for a module. So it's either AIP or CSC.

To administer it, it's just a GUI using a browser for management.

Here is the latest version admin guide, if you wish to quickly browse through it:

http://www.cisco.com/en/US/docs/security/csc/csc66/administration/guide/cscssm66.html

Jen

Can the CSC-SSM be integrated with the 5515-X? I couldn't find any doc showing it can be installed on the ASA 5515-X.

That product is long past end of sales and was never offered on the ASA 5500-X series. It was last sold in 2013:

https://www.cisco.com/c/en/us/products/collateral/security/asa-5500-series-next-generation-firewalls/eol_C51-727284.html

The modern alternative is a Firepower service module (or ASA running Firepower Threat Defense image).

Thanks, Marvin, for the clarification. So does Firepower provide antivirus, anti-phishing and anti-malware all in the same product? If so, which would you think is the best one to go with?

Marvin,

I have an ASA 5515-X with SSD (micron_M550MTFDDAK128MAY) and we have integrated it with Websense. We would like to get rid of Websense, so I was wondering if there is any way I can upgrade it to Firepower with the AMP solution by purchasing a license such as L-ASA5515-TMAC-3Y or L-S-ASA5515-TAM-3Y.

Cisco Umbrella is generally a superior product for DNS security and is effective protection at the DNS layer against phishing and malware links.

Umbrella plus AMP for Endpoints is a good solution for both endpoint and DNS protection.

If you want to rely on perimeter protection you can use your 5515-X with a Firepower service module and a subscription like the TAM or TAMC ones (T = Threat or IPS, AM = Advanced Malware, C = URL Filtering).

Antimalware at the perimeter tends not to be as effective since most malware travels via encrypted channels and your perimeter firewall is not decrypting it. That's why we recommend AMP for Endpoints as it runs on each client computer. Also, AMP and Umbrella can both protect your computers whether they are on or off your network.

Thanks a lot, sir.

I have another question. For the 5515-X, do you have a procedure to upgrade it to Firepower, or do I have to open a ticket with Cisco? Below is the show module output:

 

sh module

Mod  Card Type                                    Model              Serial No.
---- -------------------------------------------- ------------------ -----------
   0 ASA 5515-X with SW, 6 GE Data, 1 GE Mgmt, AC ASA5515            *********
 ips Unknown                                      N/A                ********
cxsc ASA CX5515 Security Appliance                ASA CX5515         ***********

Mod  MAC Address Range                 Hw Version   Fw Version   Sw Version
---- --------------------------------- ------------ ------------ ---------------
   0 ****.****.**** to ****.****.****  1.0          2.1(9)8      9.1(1)
 ips ****.****.**** to ****.****.****  N/A          N/A
cxsc ****.****.**** to ****.****.****  N/A          N/A          9.1.1

Mod  SSM Application Name           Status           SSM Application Version
---- ------------------------------ ---------------- --------------------------
 ips Unknown                        No Image Present Not Applicable
cxsc ASA CX                         Up               9.1.1

Mod  Status             Data Plane Status     Compatibility
---- ------------------ --------------------- -------------
   0 Up Sys             Not Applicable
 ips Unresponsive       Not Applicable
cxsc Up                 Up

Mod  License Name   License Status  Time Remaining
---- -------------- --------------- ---------------
 ips IPS Module     Disabled        perpetual

The procedure to install a new Firepower service software module on an existing ASA 5500-X series can be found here:

https://www.cisco.com/c/en/us/support/docs/security/asa-firepower-services/118644-configure-firepower-00.html

6.4.x is the latest version of Firepower software supported on the service module for the now-end-of-sale ASA 5515-X. So you would start by installing 6.4.0 and then patching to the latest patch (currently 6.4.0.9).

Thanks a lot for the information, appreciated.

You're welcome. Please rate helpful posts or mark your question as solved.
