CISCO Firewall with following specs:
Firewall with filtering, anti-virus and anti-spam . I need license for the minimum number of users .
when i searched i found ASA5512 but there is no any information about number of user .
The features you mention used to be in the content security modules and licenses on the old 5500 series.
Cisco has moved to a different model and set of offerings with the Next Generation Firewall features of the 5500-X series. Web filtering is provided by the Web Security Essentials (WSE) feature. It is licensed to run on the CX module and usually sold with the Application Visibility and Control (AVC) feature set. They are licensed annually or in multi-year subscriptions and not by number of users.
Please see the subscription license part number in the bottom half of Table 4 here.
Cisco has mostly moved the AV and anti-spam features off the firewall product line. You can get Cloud Web Security (with or without Advanced Malware Protection) which integrates via a connector with an ASA. It is described here. Anti-spam would be a feature of the Cisco Ironport Email Security Appliance (ESA).
Dear Marvin ,
depend on your reply , both of this part number support filtering, anti-virus and anti-spam ? if yes what is the different in the two solution below
ASA 5510 Appl w/ CSC10, SW, 50 Usr AV/Spy, 1 YR Subscript
ASA 5512-X with SW, 6GE Data, 1GE Mgmt, AC, 3DES/AES
ASA 5512-X AVC, WSE, IPS 1Year
Item #1 is no longer sold as of last year. See this End-of-Sale and End-of-Life notice.
Item #2 is a successor product with the subscription for the AVC, WSE and IPS features. It does not include the Cloud Web Security (CWS) bits I mentioned earlier (which are also mentioned on the notice).
CWS is licensed by a combination of the number of seats (= concurrent users) and term of subscription (1, 3 or 5 years). The minimum tier is 25-199 seats and one year term. The SKU for a minimum size installation would be CWS-1Y-S1, quantity 25.
Also, most customers are advised to get the 5515-X (vs. 5512-X) if they have any intention to run an HA pair.
thanks for your replay , but i want to be sure that ASA5512-X , WSE and AVC depend on SIO .
is that equivalent to Antispam at ASA5510
Yes - WSE and AVC (and IPS) all use Cisco's cloud-based Security Intelligence Operations (SIO) as a source for their decision-making data (categorization of websites, application, IPS signatures, etc.)
They do not do anti-spam. That feature was not carried forward in the Next Generation Firewall (NGFW). Please refer to my earlier reply: "Anti-spam would be a feature of the Cisco Ironport Email Security Appliance (ESA)."
so in my case there is no one appliance do three function ( filtering , antiviruse , antispam )
so , if i need
- filtering i con go to ( ASA5512 with AVC & WSE license ) or to (WSA-S170-K9)
- antivirus & antispam go to (ESA-C170-K9)
Please confirm if i understand well .
thanks for your patience