I am considering buying a Cisco ISA 570. Since this product line is not really known by my local Gold supplier, I am seeking advice and help.
I want to replace a Cisco 871 for a medical practice of 8 people where suppliers (4 to 5) need to have remote access to provide support activities for medical devices. In addition, I want to make sure that social network sites (e.g. Facebook, Twitter, etc.) are being effectively blocked in HTTP and HTTPS. I am not so much interested in AV or SPAM protection as the environment is mainly running on MacOS and the email server is outsourced to a provider.
- Can the ISA 870 be used to effectively block Facebook/Twitter in HTTP/HTTPS? (I know that I can block by IP, but I want to avoid maintenance of IP addresses on the device. I want to rely on the updates provided by the licensing program.)
- For my specific needs, would it be possible to use a normal router, a Cisco 1921 with the SEC package? (What about the performance compared to the ISA 570?)
- If I activate SSL VPN for remote access for the suppliers, are there any license requirements, i.e. extra cost to be paid?
- I am currently testing a Fortigate 60C, which is blocking the traffic to social networks. However, since the rest of the infrastructure is Cisco based (IP Telephony and Switching), I would prefer to keep Cisco. On top of that, I don't have time to explain to the suppliers how to change their VPN client to Fortigate.
- What would then be the main differences between a Cisco ISA 570 and a Fortigate 60C for web application filtering?
Many thanks for your support and help.
Hi Olivier, thank you for using our forum. My name is Johnnatan and I am part of the Small Business Support community. The new ISA products are really nice devices, with multiple blocking features. To answer your question, you can block specific websites per URL; here you can see two ways to block those websites.
If you want to compare the features of both devices, you can check this link. However, the main difference is that the 550 has 6 LAN ports, while the 570 has 9 and supports more VPN tunnels.
SSL VPN is supported without additional cost; here you can see how to configure it.
About your question regarding the Fortigate router, I have no information about it. I apologize for that.
I hope you find this answer useful,
*Please mark the question as Answered or rate it so other users can benefit from it*
Johnnatan Rodriguez Miranda.
Cisco Network Support Engineer.
Thanks for the reply. On top of the web filtering capabilities, is it possible to block Facebook as an "application", so that all chat and other FB functionalities could be blocked?
Will the subscription over the 3-year period cover any update (i.e. if Facebook introduces new capabilities, will I be able to automatically block those)?
Thanks a lot
If you want to block Facebook as an application, you can achieve that by selecting and denying Social Network under Application Control. If you want to block just Facebook specifically, you can do that in Web URL Filtering. For any new introduction of capabilities from Facebook, you can upgrade your image when they are supported. Hope this helps.
I have an add-on to the above question. Is there any way I can bulk add the URLs to be blocked when creating the Policy Profile? My objective is to block torrents, YouTube downloads and proxy sites in my network. I have created a master list of keywords and URLs to be blocked. However, as far as I can see, I can only add one URL at a time.
It would be cool if I could bulk add several hundreds of URLs into the Policy profile, all to be blocked or to be permitted.
Is there any such option for the ISA570?
Several of my clients purchased the SA 540 with the intent to set up URL blocking and use other advanced UTM features. All had to scrap their plans because the SA 540s just could not handle the load of even a small 25-node network. Can you provide assurances that your new devices, and in particular the ISA 550, can handle the load? I have prospects for several of these but hesitate due to my experience with the SA 540.
Can I achieve MAC-based filtering and IP-based filtering in content security, rather than one rule for the entire network?
Share any URL to understand.
Venkata S. Dendukuri
With Application Control, you can create multiple policies and apply them by Zone in whatever order you wish. With Web Filtering, you can create multiple policies; however, you can only apply one policy per Zone. In both instances, there are no options to control by IP or MAC.