cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1161
Views
0
Helpful
4
Replies

Questions about ASA 5520

mhcnetadmin
Level 1
Level 1

Hi all

I have some qustions regarding ASA 5520 (Part number: ASA5520-BUN-K9 + SSM-4GE)

  • If we want Content filtering do we have to replace the SSM-4GE with the CSC-SSM? What if we want an IPS?

  • Regarding CSC-SSM module:

b.      Does it have Single-Sign-On (SSO) with Active Directory i.e.  Internet access can be granted based on Users within Active Directory? Does it need an agent?

c.       What are the spam techniques that are used to filter spam message and how are the spam messages treated (deleted, quarantined).

e.      Does it filter or block Instant Messaging Applications(yahoo messenger, msn,Skype,..etc.), and P2P programs (bittorrent, Emule,…etc.)?

f.        Can it be configured to use Parent Proxy?

g.       What kind of reporting does it have(report on Internet usage based on username or IP, blocked websites, …etc.)?

   I have read the ASA5520 and CSC-SSM datasheets but I couldon't find answers to these questions!

Thanks

1 Accepted Solution

Accepted Solutions

Hi all,

See answers inline:

  • If we want Content filtering do we have to replace the SSM-4GE with the CSC-SSM? What if we want an IPS?

               Yes, the chassis can only hold 1 SSM at a time (4GE, CSC, or AIP).

  • Regarding CSC-SSM module:

b.      Does  it have Single-Sign-On (SSO) with Active Directory i.e.  Internet  access can be granted based on Users within Active Directory? Does it  need an agent?

          Yes to both.

c.       What are the spam techniques that are used to filter spam message and how are the spam messages treated (deleted, quarantined).

                              Messages that are considered spam can be automatically deleted or stamped with a special subject and delivered. For more details on the configuration options available, see the following link:

http://www.cisco.com/en/US/docs/security/csc/csc66/administration/guide/csc3.html

e.      Does  it filter or block Instant Messaging Applications(yahoo messenger,  msn,Skype,..etc.), and P2P programs (bittorrent, Emule,…etc.)?

     No. The module only supports scanning the following protocols: HTTP, FTP, SMTP, POP3 (and HTTPS in the latest version).

f.        Can it be configured to use Parent Proxy?

                         I assume you mean "can the module be configured to point at another proxy for outbound traffic"? If so, the answer is yes.


g.       What kind of reporting does it have(report on Internet usage based on username or IP, blocked websites, …etc.)?

     The module will generate logs for any content that is blocked by the module. The report will include username (if configured), source and destination IP addresses, URL (if applicable), and the reason for the block. You can send these logs to a syslog server or view them locally on the CSC or in ASDM. It will not currently report on Internet usage or any traffic that is allowed.

Hope that helps.

-Mike

View solution in original post

4 Replies 4

mhcnetadmin
Level 1
Level 1

Anyone please?

This question remains unanswered since 2008..

Can someone respond to these questions..

I am specifically interested to know the answer for the following question..

e.      Does it filter or block Instant Messaging Applications(yahoo messenger, msn,Skype,..etc.), and P2P programs (bittorrent, Emule,…etc.)?

Hi all,

See answers inline:

  • If we want Content filtering do we have to replace the SSM-4GE with the CSC-SSM? What if we want an IPS?

               Yes, the chassis can only hold 1 SSM at a time (4GE, CSC, or AIP).

  • Regarding CSC-SSM module:

b.      Does  it have Single-Sign-On (SSO) with Active Directory i.e.  Internet  access can be granted based on Users within Active Directory? Does it  need an agent?

          Yes to both.

c.       What are the spam techniques that are used to filter spam message and how are the spam messages treated (deleted, quarantined).

                              Messages that are considered spam can be automatically deleted or stamped with a special subject and delivered. For more details on the configuration options available, see the following link:

http://www.cisco.com/en/US/docs/security/csc/csc66/administration/guide/csc3.html

e.      Does  it filter or block Instant Messaging Applications(yahoo messenger,  msn,Skype,..etc.), and P2P programs (bittorrent, Emule,…etc.)?

     No. The module only supports scanning the following protocols: HTTP, FTP, SMTP, POP3 (and HTTPS in the latest version).

f.        Can it be configured to use Parent Proxy?

                         I assume you mean "can the module be configured to point at another proxy for outbound traffic"? If so, the answer is yes.


g.       What kind of reporting does it have(report on Internet usage based on username or IP, blocked websites, …etc.)?

     The module will generate logs for any content that is blocked by the module. The report will include username (if configured), source and destination IP addresses, URL (if applicable), and the reason for the block. You can send these logs to a syslog server or view them locally on the CSC or in ASDM. It will not currently report on Internet usage or any traffic that is allowed.

Hope that helps.

-Mike

WOW after almost a year , Thanks Mike.

Does your answer apply for  all ASA versions (hardware and software?)

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: