Looking to Buy Cisco 5515-x with FirePOWER -- Questions

emilyforcisco1 · ‎08-04-2016

Hello,

I work at a medium sized company and we are looking to upgrade our networking side. I've looked into purchasing a Cisco ASA 5515-x with FirePOWER. The boss pretty much wants a UTM device and I was wondering about the URL Filtering license.

Does the filter block HTTPS requests?

Does the filter work well, is consistent with blocking sites?

Is it difficult to set up through the ASDM?

Any help would be appreciated. I can't seem to find too much information about their URL filter online. Thanks!

Karsten Iwen · ‎08-04-2016

Personally, I would go directly for the 5516-X which is only slightly more expensive but much faster with FirePower.

Does the filter block HTTPS requests?

It's possible to configure SSL-policies where you define which traffic to decrypt and which to drop or pass without decryption.

Does the filter work well, is consistent with blocking sites?

FirePower uses the Brightcloud URL-database. I think it's of high quality although some of the classifications are a little strange. They react quite fast on reports for wrong classifications.

Is it difficult to set up through the ASDM?

I would say yes. The system is extremly powerful and has many options. You have endless possibilities to misconfigure something. Take some time to get used to the system and/or attend a training-class on Firepower. In addition to tat I would not manage FirePower through ASDM. If you have VMware, use FirePower Management-Center.

Alternatively you could look into the Meraki MX84. By far not that many options to configure, but with limited manpower you probably get better security as with a FirePower system that is not optimally configured.