Firepower does not support

khaled alodat · ‎02-23-2017

hi ,

i was looking in to the difference between ASA with firepower and WSA , but to be honest most of the features are the same even the licenses are the same , AMP, web reputation ....etc.

from what i read , the firepower don't cash http traffic.

we need to change our old ASAs , and license the WSA . can i go with ASA with firepower as a replacement for both, the old ASA and WSA ?

Thanks,

Khaled

Philip D'Ath · ‎02-27-2017

If you don't need caching then I don't see why not.

Philip D'Ath · ‎02-27-2017

The only time I use proxies now is when devices can't (or aren't allowed) direct Internet access. Then you put the proxy in a DMZ. Clients access the proxy and the proxy access the Internet on their behalf.

Otherwise if they have a default route pointing to the ASA - do it there.

khaled alodat · ‎02-28-2017

Thank you for your replay.

- to be clear , can i replace the WSA with the firepower ? when we say cashing, is it the web cashing we are talking about and will the windows browsers do this job ? -

Thanks ,

Khaled

Philip D'Ath · ‎02-28-2017

Yes I am referring to http caching. Individual client machines also do caching.

I prefer to have as little caching as possible. That is because it can break things. As in, something get changes but an old copy continues to get cached.

However if you have a substantial bandwidth squeeze then you have not have any choice.

ASA with Firepower has all the enforcement options available in the WSA. I guess the main difference is in the reporting. The WSA has better reporting for users. Firepower is more threat focused, and while it does have some user reporting, it is more focused around threats.

captkloss · ‎03-10-2017

Firepower does not support regular expressions / wildcards - if you need granular url filtering, WSA is the way to go.

ASA with Firepower vs WSA