5505 for web filtering

phoeneousphoeneous Member Posts: 2,333 ■■■■■■■□□□
We currently use a linux box to do our web filtering but I was thinking about moving that role to our asa 5505. Has anyone used the web filter module before? Thoughts? Suggestions?

Comments

  • tierstentiersten Member Posts: 4,505
    You need an external server to use the URL filter system in an ASA5505.

    They don't make a CSC SSC either but considering the price of the AIP SSC I wouldn't buy it because it'd be crazy expensive. The AIP SSC costs more than the ASA5505 unit itself.
  • jamesp1983jamesp1983 Member Posts: 2,475 ■■■■□□□□□□
    Trend Micro makes a filter. It's pretty nice.
    "Check both the destination and return path when a route fails." "Switches create a network. Routers connect networks."
  • hypnotoadhypnotoad Banned Posts: 915
    How much bandwidth are we talking about here for the internet connection?
  • Jack2Jack2 Member Posts: 153
    phoeneous wrote: »
    We currently use a linux box to do our web filtering but I was thinking about moving that role to our asa 5505. Has anyone used the web filter module before? Thoughts? Suggestions?

    What are you trying to filter?
    Any traffic shaping?
    Content Filtering/logging?
    Antivirus filters?

    I have a number of Fortinet firewalls deployed.

    The have many solution from SMB to enterprise solutions that do a good job.
    WGU Courses Completed at WGU: CPW3, EWB2, WFV1, TEV1, TTV1, AKV1, TNV1| TSV1, LET1, ORC1, MGC1, TPV1, TWA1, CVV1, DHV1, DIV1, DJV1, TXP1, TYP1, CUV1, TXC1, TYC1, CJV1
    Classes Transferred: BAC1, BBC1, LAE1, LAT1, LUT1 ,1LC1, 1MC1, QLT1, IWC1, IWT1, INC1, INT1, SSC1, SST1, CLC1
    WGU Graduate - BSIT 2014
  • powerfoolpowerfool Member Posts: 1,665 ■■■■■■■■□□
    Honestly, I didn't like the CSC CCM... from what I recall, it really was a one-policy-fits-all solution, meaning you cannot create different policies for different groups of users. What we ended up doing a lot was adding users to an ACL to not have their content filtered. Also, the CCIE from Berbee that installed it didn't follow the best practices out there for having the CSC not filter itself; it works for a while if you have it filter itself, and then the world is not happy (about 5-7 days).
    2024 Renew: [ ] AZ-204 [ ] AZ-305 [ ] AZ-400 [ ] AZ-500 [ ] Vault Assoc.
    2024 New: [X] AWS SAP [ ] CKA [ ] Terraform Auth/Ops Pro
  • phoeneousphoeneous Member Posts: 2,333 ■■■■■■■□□□
    hypnotoad wrote: »
    How much bandwidth are we talking about here for the internet connection?

    A basic 1.5 t1.

    We are going to stuck with the Linux box because of it's Active Directory integration and the ability to create custom policies based on user groups. Plus it is very easy to manage.
    Jack2 wrote:
    What are you trying to filter?
    Any traffic shaping?
    Content Filtering/logging?
    Antivirus filters?

    I have a number of Fortinet firewalls deployed.

    The have many solution from SMB to enterprise solutions that do a good job.

    Just content filtering and logging. We have an AV solution but our current filter has an AV plug-in as well.
  • phoeneousphoeneous Member Posts: 2,333 ■■■■■■■□□□
    Trend Micro makes a filter. It's pretty nice.

    They do and we use that too :)
Sign In or Register to comment.