Cisco WSA Questions

snowmizer
Level 1

We are evaluating the Cisco WSA virtual appliance as a replacement for our current solution. Cisco's hardware requirements say the following for VMware ESXi deployment:
 

"Cisco UCS servers (blade or rack-mounted) are the only supported hardware platform"
 

I am deploying this on a UCS blade server, so we're meeting the above requirement. However, I'm running into an issue. Our current solution can filter on protocol and block non-allowed protocols. I need to make sure we retain this functionality in the new solution. From what I've read, L4TM seems like the answer in WSA. However, in order to use the L4TM functionality you have to connect the T1 interface to a SPAN port. From what I know about the Cisco UCS blade server, this isn't possible. I'm curious how people have gotten around this issue. If I'm running on a blade server, will I not be able to use L4TM to monitor ports other than 80/443? Is there another way to monitor and block non-allowed protocols?

Thanks.

 

1 Reply

Tao Yang
Cisco Employee

The feature you are looking for in WSA is named "AVC" (Application Visibility and Control), which can cover quite a lot of different protocols. Please refer to the following release notes for more details.

http://www.cisco.com/c/dam/en/us/td/docs/security/wsa/AVC/AVC_Release_Notes_110x.pdf

Hope it helps.
