[c-nsp] Cisco ASA Filtering
Peder @ NetworkOblivion
peder at networkoblivion.com
Thu Jul 6 09:18:50 EDT 2006
I've installed a couple of CSC's and AIP's and my feelings are mixed.
The CSC is good for AV, anti-phishing and content filtering, but not so
good for anti-spam and URL filtering. Both anti-spam and URL filtering
are global, you can't set individual users preferences, like saying that
admins can go to any sites, or have separate quarantines per user for
spam. Personally, for spam I like Postini and for URL filtering I like
Websense. I like a lot of flexibility because I know that no matter
what customers say, they will change their feature requests after the
install.
I don't like the AIP at all. It has an ugly web interface, virtually no
reporting and it is very difficult to tune it. If you want an IDS that
really works and is pretty easy to use, look at the Juniper IDP series.
I've deployed several of those and the users have been very happy so far.
Paul Stewart wrote:
> Hi everyone...
>
> As you may have seen in a previous email, we are looking at a campus
> deployment involving about 1000 users. I'm considering the option of
> using a Cisco ASA 5540 and wondering about using either a CSC card or a
> AIP card and pros/cons for both?
>
> The users will be responsible for running an anti-virus and spyware
> software etc but would like to ensure traffic hitting this device can
> block malicious traffic. We have ordered a 5520 with AIP for our own
> use but haven't had a chance yet to see what all of it's capabilities
> are... I'm leaning towards IDS type functions... Any input? :)
>
> Or, is a 7206VXR with inline IOS IPS just as sufficient and/or better in
> some regards??
>
> Thanks very much,
>
> Paul Stewart
> Network Administrator
> Nexicom Inc.
> http://www.nexicom.net/
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>
--
Network stuff you didn't know....
http://www.networkoblivion.com
More information about the cisco-nsp
mailing list