I completely understand your concerns on this. I wish I could offer a clear answer to your question as before, but I am only a technical engineer. We could talk packets all day. What I will do, however, is send this information along, as I agree that it would be a great feature.
Hello Alan, The ISA500 series comes with either a 1 or 3 year security services license. This license will allow you to use AnyConnect with the ISA. No additional cost to you as all ISA500's are sold with this license. Just remember, if you buy the 1 year product, that you will have to renew your license in a year. TIP: the ISA has VPN clients available on the quick start disc so make sure not to throw it away.
Hello Patrick & pilgrims28

Currently the Web URL filtering is a per Zone policy. What this means is that you can only have one policy assigned to a zone. (pretty straightforward) You canNOT break up a policy by IP address. (TIP: you CAN do this with application control) Where things can get complicated is that you can only assign a vLAN to one Zone. Which means that you would have to have two networks, two zones, two URL policies.

Here is a basic example-
- use vlan 1 = 192.168.75.0
- Create vlan 2 = 192.168.60.0
- use default zone = LAN Zone
- create exec/priv zone = OTHER Zone
- Assign default URL policy to LAN Zone
- Assign New/exec URL policy to OTHER Zone

This will work, but you will have to have a network that supports vlans and configure everything to match. Also, since things are now in different zones, you will have to create a firewall rule to allow both networks to talk to each other in the firewall. (not too hard, just make a rule 'from: LAN to: OTHER -permit') Hope this helps.
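The zone layout from the reply above, modelled as an added Python example (not part of the original post and not Cisco's code): it checks the one-zone-per-VLAN and one-policy-per-zone constraints and shows that the URL policy is resolved through the VLAN, never the host address. The /24 masks, the policy names and all function names are assumptions.

```python
import ipaddress

# Constructed model of the layout in the post above. The /24 masks and the
# policy names are assumptions; the post gives only the network addresses.
VLANS = {1: "192.168.75.0/24", 2: "192.168.60.0/24"}
VLAN_ZONE = [(1, "LAN"), (2, "OTHER")]                   # (vlan, zone)
ZONE_POLICY = [("LAN", "default"), ("OTHER", "exec")]    # (zone, URL policy)
PERMITS = {("LAN", "OTHER")}                             # (from zone, to zone)


def _multi(pairs):
    """Keys bound to more than one distinct value in a list of pairs."""
    seen = {}
    for key, value in pairs:
        seen.setdefault(key, set()).add(value)
    return sorted(k for k, v in seen.items() if len(v) > 1)


def validate(vlan_zone, zone_policy):
    """Check the two constraints: one zone per VLAN, one URL policy per zone."""
    problems = [f"vlan {v} is in more than one zone" for v in _multi(vlan_zone)]
    problems += [f"zone {z} has more than one URL policy"
                 for z in _multi(zone_policy)]
    return problems


def url_policy_for(ip, vlans=VLANS, vlan_zone=VLAN_ZONE, zone_policy=ZONE_POLICY):
    """Resolve host -> VLAN -> zone -> policy. The host address only selects
    the VLAN, so two hosts in one VLAN can never get different policies."""
    addr = ipaddress.ip_address(ip)
    zones, policies = dict(vlan_zone), dict(zone_policy)
    for vlan, net in vlans.items():
        if addr in ipaddress.ip_network(net):
            return policies.get(zones.get(vlan))
    return None  # address is not in any modelled VLAN


def missing_permits(vlan_zone, permits):
    """Ordered zone pairs with no explicit permit rule in this model."""
    zones = sorted({z for _, z in vlan_zone})
    return [(a, b) for a in zones for b in zones
            if a != b and (a, b) not in permits]


if __name__ == "__main__":
    print(validate(VLAN_ZONE, ZONE_POLICY))
    print(url_policy_for("192.168.75.10"), url_policy_for("192.168.60.5"))
    print(missing_permits(VLAN_ZONE, PERMITS))
```
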
Hello H. Erne, I tested from our lab here by going to the site - http://www.eicar.org/85-0-Download.html

- From there each time I tried to download using one of the HTTP links, the connection was blocked or reset. This is good news.
- When I tried to download using the HTTPS connections, however, it did let me download them. This is not such good news.

I am certain that this is due to the handling of traffic. When connecting with HTTPS, the secure session is set up without issue followed by traffic passing. The ISA is not able to read encrypted traffic and thus it is allowed. Just remember the ISA is a major security enhancement, but not a total substitute for local protections.
Hello Charles, I am unsure of who you spoke with, but it sounds like all information you were given is way off. The ISA500 series does have several different levels of support which can cause confusion, but I am disappointed that anyone would suggest you buy an older device pointlessly. Here is a summary of some of the different support and licenses.

ISA500 series by default has
- 1 year technical support
- 1 OR 3 year(s) security license ISA5X0-BUN#-K9 (X = 5 OR 7) (# = 1 OR 3)

Service contracts can be purchased for this device ( http://www.cisco.com/cisco/web/solutions/small_business/shop/index.html-tab-Services )
- 3 year additional technical support CON-SBS-SVC2
- 3 year additional technical support with 4 hour replacement CON-SBS4-SVC1

Security services license which covers security services and AnyConnect-
- 1/3 year for ISA550 series L-ISA550-CS-#YR= (# = 1 OR 3)
- 1/3 year for ISA570 series L-ISA570-CS-#YR= (# = 1 OR 3)

I hope this clears up any confusion you have on the support scope of your device. I personally feel that the ISA500 series is one of the best SBSC devices.
Hello Christian, It appears that your speed is not getting a huge drop, but I am concerned about the streaming issues. If you are noticing most of your issues when using IPS, then I have a feeling it could be due to false positives. One way of checking this is through the system logs to confirm if that is indeed the problem. Do you notice the issue when only IPS is turned on? I have not seen any streaming issues on our lab system with all security services turned on, so it could be a configuration on the ISA or possibly something else. If possible, I would recommend contacting us by phone so we can create a case for you and look into the issue.
Hello Christian, What is the speed that you should get when downloading? It would be very helpful to have a baseline so we can tell how much speed is lost. Are you only getting speed drops for downloading apps? If you get a slow speed on all traffic, then there may be more going on. If you would like immediate help with this issue, we do have phone support which is much more responsive and in the event that your issue is a problem, a case will have to be created. Here is the link to call- http://www.cisco.com/en/US/support/tsd_cisco_small_business_support_center_contacts.html
Hello Lionel, Have you tried disabling the SPI firewall? The speed listed 'NAT throughput' is the speed at which data travels while only using NAT. Please let us know if this gives better speed results. In addition to testing without the firewall, it is important to note that tests are also done using packets of a max MTU (1500). On a normal network, packets range in size from 32 up to the 1500 and in some cases even further. This creates a situation where if you are sending mixed traffic you will see a lower overall throughput VS. when running software designed for speed testing.
Glad to hear everything is working for you at the moment. When testing the speed over the link, remember that you will have to generate multiple connections. This is due to the way the LAG balances connections. Also I have noted the admin guide as you mentioned. It should say that line applies to the Sx500 and not the SG500X. Sorry for any confusion.
The SG200 comes with 1 year free technical support. It is not necessary to buy a support contract during this time. The warranty for the device is based on the serial number so no registration of the switch is needed. If you need any assistance with the switch, we can be reached by phone anytime. Here is a link for calling the SBSC- http://www.cisco.com/en/US/support/tsd_cisco_small_business_support_center_contacts.html
Hello Derrick, The warranty is based on the serial number of the unit. Did you purchase a service contract with your switch? For support you will have to register as a user, which can be done at www.cisco.com.
Hello Robert,

1- Unfortunately you cannot LAG the stacking ports. The other port will shut down and act as a backup.

2- I will double check the documentation on this one, however, I can tell you that only one set of 10G ports can be used as stack ports. As you mentioned, in standalone, you can reclaim them for regular use.

Might I offer as a suggestion- If you are really set on getting the 20G link, you could set all the switches to standalone and use several LAGs between them. This would add additional work as each switch must now be configured individually, but it would allow you to complete your design.
Hello Richard, From vlan4 (192.168.2.x) can you ping the router (192.168.111.254)? If yes, then can you ping your WAN IP address on the router? It may be possible that the router is not doing NAT for your second vlan. If this is the case, then your ping out would be dropped once it hits the internet.