cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
977
Views
0
Helpful
4
Replies

WSA vs. vWSA

Tim Glen
Cisco Employee
Cisco Employee

Hello,

I'm about to overhaul my Web Security Platform and I'm considering migrating my S170's to the vWSA. 

Besides the advantages of not having to deal with physical hardware what, if any, other advantages are there ? 

Thanks


Tim

1 Accepted Solution

Accepted Solutions

Our users see it in faster access to the internet

Its more stable, the S170 had issues when updates came down at the same time users were all surfing, and it would just stop working until it finished the update. 

Black magic in that it was more complex for us than we wanted to try through our many hops... Its probably doable now that we installed the Nexus 1000v in VMware.

View solution in original post

4 Replies 4

My vWSA S100V performs better than my S170, my VMware infrastructure has a lot more horsepower than the S170.

Are you using the L4TM?  I'm pretty sure getting SPAN'd traffic to that through all of the switching and then through VMware is black magic.

Hi Ken,

Thanks for replying.  

When you say it performs better where do you feel that ?  I believe that logically since the VMWare hosts here have far more horsepower than the S170 too.   But realistically, where do you see that performance gain? 

 

Yes, I am using L4TM and I've been very concerned about how to get that traffic back into the ESX world...  When you say black magic, what do you mean?   I've considered using RSPAN but haven't tried setting up a PoC yet.

Thank you

Our users see it in faster access to the internet

Its more stable, the S170 had issues when updates came down at the same time users were all surfing, and it would just stop working until it finished the update. 

Black magic in that it was more complex for us than we wanted to try through our many hops... Its probably doable now that we installed the Nexus 1000v in VMware.

Ken, 

Thanks for the tips.  My S170 has been quite stable but I'm leaning toward virtualizing both the S170 and the M170 during this overhaul.  

The L4TM doesn't provide too much protection because we limit the outbound traffic to well known ports. I think we can live without the L4TM.

Tim