I completely understand your concerns on this. I wish I could offer a clear answer to your question as before, but I am only a technical engineer. We could talk packets all day What I will do however, is send this information along, as I agree that it would be a great feature. ... View more

Excellent guide. Thanks for sharing this with the community. ... View more

Hello Patrick & pilgrims28 Currently the Web URL filtering is a per Zone policy. What this means is that you can only have one policy assigned to a zone. (pretty straightforward) You canNOT break up a policy by IP address. (TIP: you CAN do this with application control) Where things can get complicated is that you can only assign a vLAN to one Zone. Which means that you would have to have two network, two zones, two URL policies. Here is a basic example- use vlan 1 = 192.168.75.0 Create vlan 2 = 192.168.60.0 use default zone = LAN Zone create exec/priv zone = OTHER Zone Assign default URL policy to LAN Zone Assign New/exec URL policy to OTHER Zone This will work, but you will have to have a network that supports vlans and configure everything to match. Also, since things are now in different zones, you will have to create a firewall rule to allow both networks to talk to each other in the firewall. (not to hard, just make a rule 'from: LAN to: OTHER -permit') Hope this helps. ... View more

Hello H. Erne, I tested from our lab here by going to the site - http://www.eicar.org/85-0-Download.html -From there each time I tried to download using one of the HTTP links, the connection was blocked or reset. This is good news. -When I tried to download using the HTTPS connections, however, it did let me download them. This is not such good news. I am certain that this is due to the handling of traffic. When connecting with HTTPS, the secure session is setup without issue followed by traffic passing. The ISA is not able to read encrypted traffic and thus it is allowed. Just remember the ISA is a major security enhancement, but not a total subsitute for local protections. ... View more

Hello Charles, I am unsure of who you spoke with, but it sounds like all information you were given is way off. The ISA500 series does have several different levels of support which can cause confusion, but I am disappointed that anyone would suggest you buy an older device pointlessly. Here is a summary of some of the different support and licenses ISA500 series by default has - 1 year technical support - 1 OR 3 year(s) security license ISA5X0-BUN#-K9 (X = 5 OR 7) (# = 1 OR 3) Service contracts can be purchased for this device ( http://www.cisco.com/cisco/web/solutions/small_business/shop/index.html-tab-Services ) - 3 year additional technical support CON-SBS-SVC2 - 3 year additional technical support with 4 hour replacement CON-SBS4-SVC1 Security services license which covers security services and AnyConnect- - 1/3 year for ISA550 series L-ISA550-CS-#YR= (# = 1 OR 3) - 1/3 year for ISA570 series L-ISA570-CS-#YR= (# = 1 OR 3) I hope this clears up any confusion you have on the support scope of your device. I personally feel that the ISA500 series is one of the best SBSC devices. ... View more

Hello Christian, It appears that your speed is not getting a huge drop, but I am concerned about the streaming issues. If you are noticing most of your issues when using IPS, then I have a feeling it could be due to false positives. One way of checking this is through the system logs to confirm if that is indeed the problem. Do you notice the issue when only IPS is turned on? I have not seen any streaming issues on our lab system with all security services turned on, so It could be a configuration on the ISA or possibly something else. If possible, I would recommend contacting us by phone so we can create a case for you and look into the issue. ... View more

Hello Christian, What is the speed that you should get when downloading? It would be very helpful to have a baseline so we can tell how much speed is lost. Are you only getting speed drops for downloading apps? If you get a slow speed on all traffic, then there may be more going on. If you would like immediate help with this issue, we do have phone support which is much more responsive and in the event that your issue is a problem, a case will have to be created. Here is the link to call- http://www.cisco.com/en/US/support/tsd_cisco_small_business_support_center_contacts.html ... View more

Hello Lionel, Have you tried disabling the SPI firewall? The speed listed 'NAT throughput' is the speed at which data travels while only using NAT. Please let us know if this gives better speed results. In addition to testing without the firewall, it is important to note that tests are also done using packets of a max MTU (1500). On a normal network, packets range in size from 32 up to the 1500 and in some cases even further. This creates a situation where if you are sending mixed traffic you will see a lower overall throughput VS. when running software designed for speed testing. ... View more

The SG200 comes with 1 year free technical support. It is not necessary to buy a support contract during this time. The warranty for the device is based on the serial number so no registration of the switch is needed. If you need any assistance with the switch, we can be reached by phone anytime. Here is a link for calling the SBSC- http://www.cisco.com/en/US/support/tsd_cisco_small_business_support_center_contacts.html ... View more

Hello Derrick, The warranty is based on the serial number of the unit. Did you purchase a service contract with your switch? For support you will have to register as a user, which can be done at www.cisco.com. ... View more