09-30-2013 09:50 PM - edited 03-11-2019 07:45 PM
I posted this over in the Web Security but didn't get any hits, just wondering if anybody has any firsthand experience with the new ASA series with the AVC (application visibility and control) and the WSE (web security essentials). I'm looking to ditch Websene and was hoping this could be an option. Anybody got an opinion?
10-01-2013 05:16 AM
Not quite fully baked.
We've seen some unresolved bugs in our initial deployments. One big one is CX stops forwarding traffic after some period requiring a module reset to resolve. I saw still others during lab testing. Some things cosmetic/annoying (i.e., PRSM menu items don't show up consistently using supported browser yet do show up on unsupported browser) and others functional (not being able to block specified file type content).
10-02-2013 07:55 AM
Thanks! Thats good to know! Which appliance are you using? (we're looking at the 5525X) Also, are you using the web security essentials feature?
10-02-2013 07:59 AM
You're welcome.
The production installation I did had both 5515-X and 5525-X sites. Yes we were using both AVC and WSE.
10-02-2013 06:11 PM
How did the WSE fair? Do you think it would be a viable replacement for Websense? There's not a built in Malware filter right?
10-02-2013 09:32 PM
The production installation I did used a whitelist of pre-defined allowed web sites we we didn't get to fully exercise the WSE bit.
In general, the Cisco ASA (even with ASA CX and WSE) does not compare favorably with the more full-featured next gen firewalls, 3rd party web proxies (such as Websense or others) or even Cisco's own (Ironport) WSA. Otherwise they would not have agreed to pay $2.7B for SourceFire.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide