Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3999
Views
0
Helpful
3
Replies

Cisco ASA firewall and Cisco Scansafe web URL & content security scanning

david.tran
Level 4
Level 4

‎01-22-2012 08:54 AM - edited ‎03-11-2019 03:17 PM

I have a requirements to provide wireless access for visitors who visit the companies for a few days.  These guest users will be able to browse the Internet and VPN back into their corporate securely with their own laptops, Ipad, etc...

One of the requirements is that I need to be able to control ther Internet usage and make sure whatever they download can be safely scanned through a cloud service from Cisco called scansafe.  I am thinking of using Cisco ASA firewalls to accomplish this task. 

I am getting conflicting information.  According to this documentation, Cisco ASA and scansafe only works for http but not https: 

http://www.novanet.se/ScanSafe_ASA_WiFi_Config.pdf

However, another documentation states that Cisco IOS routers and scansafe work with both http and https: 

http://www.networkworld.com/community/blog/tutorial-cisco-routers-add-web-security-cisco

does it mean that by choosing to go with ASA, http(s) will not be available with scansafe?

Thanks,

Labels:
0 Helpful
3 Replies 3

Marvin Rhoads
Hall of Fame
Hall of Fame

‎01-23-2012 08:12 PM

To use scansafe with https you need to be able to terminate and proxy and re-establish the clients' https requests.  That's a bit beyond the scope of capability of the ASA and requires you implement a full proxy like the Ironport WSA (or a Bluecoat Proxy SG) as the WCCP destination..

Note this Cisco document which states:

HTTPS forwarding is not supported in this configuration.

0 Helpful

jbollinger
Level 1
Level 1

‎10-30-2012 11:41 AM

This may have been true previously however with the release of ASA version 9.0 there are direct integrations for ScanSafe.

Cisco Cloud Web Security (ScanSafe)

Cisco Cloud Web Security provides content scanning and other malware  protection service for web traffic. It can also redirect and report  about web traffic based on user identity.

Note Clientless  SSL VPN is not supported with Cloud Web Security; be sure to exempt any  clientless SSL VPN traffic from the ASA service policy for Cloud Web  Security.

http://www.cisco.com/en/US/docs/security/asa/roadmap/asa_new_features.html#wp93103

CCNP Security, Cisco Identity Services Engine Field Engineer, Cisco ASA Specialist, Cisco IPS Specialist, Cisco Web Security Field Engineer
0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to jbollinger

‎10-30-2012 11:43 AM

Indeed that is one of the several advantages of ASA 9.0.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card