[c-nsp] Cisco ASA Filtering

Peder @ NetworkOblivion peder at networkoblivion.com
Thu Jul 6 09:18:50 EDT 2006 

I've installed a couple of CSC's and AIP's and my feelings are mixed.

The CSC is good for AV, anti-phishing and content filtering, but not so 
good for anti-spam and URL filtering.  Both anti-spam and URL filtering 
are global, you can't set individual users preferences, like saying that 
admins can go to any sites, or have separate quarantines per user for 
spam.  Personally, for spam I like Postini and for URL filtering I like 
Websense.  I like a lot of flexibility because I know that no matter 
what customers say, they will change their feature requests after the 
install.

I don't like the AIP at all.  It has an ugly web interface, virtually no 
reporting and it is very difficult to tune it.  If you want an IDS that 
really works and is pretty easy to use, look at the Juniper IDP series. 
  I've deployed several of those and the users have been very happy so far.

Paul Stewart wrote:
> Hi everyone...
> 
> As you may have seen in a previous email, we are looking at a campus
> deployment involving about 1000 users.  I'm considering the option of
> using a Cisco ASA 5540 and wondering about using either a CSC card or a
> AIP card and pros/cons for both?
> 
> The users will be responsible for running an anti-virus and spyware
> software etc but would like to ensure traffic hitting this device can
> block malicious traffic.  We have ordered a 5520 with AIP for our own
> use but haven't had a chance yet to see what all of it's capabilities
> are... I'm leaning towards IDS type functions... Any input? :)
> 
> Or, is a 7206VXR with inline IOS IPS just as sufficient and/or better in
> some regards??
> 
> Thanks very much,
> 
> Paul Stewart
> Network Administrator
> Nexicom Inc.
> http://www.nexicom.net/ 
> 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
> 
> 

-- 

Network stuff you didn't know....
http://www.networkoblivion.com

More information about the cisco-nsp mailing list