Cisco ASA CSC-SSM url filtering, anyone use it?

Toggle sidebar Toggle sidebar
Z

Zargon

Lifer
Nov 3, 2009
12,218
2
76
looking for more info/a review

need a web filtering appliance, that can do 20Mbps+ of throughput to put on a business cable modem.

all routing is being handled by a VXR7206, just need something that will do url filtering, and the smae price bracket of Barracuda's will only do 10Mbps

I just can't find reviews or descriptions of what they are really doing, looking for MS ISA/barracuda web filter style interfaces
 
RadiclDreamer

RadiclDreamer

Diamond Member
Aug 8, 2004
8,622
40
91
The SSM works ok, but doesnt really hold up incredibly well under heavy load. Are you wanting this strictly an appliance or have you considered Squid?
 
Z

Zargon

Lifer
Nov 3, 2009
12,218
2
76
boss wants an appliance. either full standalone or part of a security appliance

how heavy of load, we are looking at maybe 30 users tops, more like 15-20 99% of the time.
 
T

theevilsharpie

Platinum Member
Nov 2, 2009
2,322
14
81
I've got a customer with a Barracuda Web Filter 310, and I can confirm that it's capable of doing more than 10Mbps. The rating on their site must be every possible filtering option enabled.

If you just need a web filtering appliance, a FortiGate-60C will meet your performance requirements. You can set it up as a transparent bridge, so you wouldn't have to modify how your network routes. The one weak area of the FortiGate is reporting, but for the price of a Barracuda or Cisco ASA w/ module, you can purchase a FortiGate along with the FortiAnalyzer to solve that problem.
 
Z

Zargon

Lifer
Nov 3, 2009
12,218
2
76
theevilsharpie said:
I've got a customer with a Barracuda Web Filter 310, and I can confirm that it's capable of doing more than 10Mbps. The rating on their site must be every possible filtering option enabled.

If you just need a web filtering appliance, a FortiGate-60C will meet your performance requirements. You can set it up as a transparent bridge, so you wouldn't have to modify how your network routes. The one weak area of the FortiGate is reporting, but for the price of a Barracuda or Cisco ASA w/ module, you can purchase a FortiGate along with the FortiAnalyzer to solve that problem.
Click to expand...

I dont see the fortigate page mentioning the web filtering aspects of it, just the firewall stuff


edit: never mind, just read that its built into all fortigate products.

so you have had good experiences with it eh? is the configuration of the firewall stuff good/easy?

I have an ASA 5505 with Security Plus sitting here, but its still in the return window. I def wouldnt need it with the 60C
 
Nothinman

Nothinman

Elite Member
Sep 14, 2001
30,672
0
0
I have very limited experience with the CSC modules, but the few customers we have with them have had a myriad of problems. I'm pretty sure we eventually had to set all of them to fail open because they failed so often requiring someone to log into the ASA and reset the module.
 
T

theevilsharpie

Platinum Member
Nov 2, 2009
2,322
14
81
Zargon said:
I dont see the fortigate page mentioning the web filtering aspects of it, just the firewall stuff


edit: never mind, just read that its built into all fortigate products.

so you have had good experiences with it eh? is the configuration of the firewall stuff good/easy?

I have an ASA 5505 with Security Plus sitting here, but its still in the return window. I def wouldnt need it with the 60C
Click to expand...

I find the FortiGate to be pretty straightforward to set up and use, but then again, I've been using them for years. Most everything you'll want to do can be done using a web-based GUI. It also has a CLI if you need it, but I rarely use it.

One thing I very much appreciate with FortiGate is their simplified licensing. FortiGate has an annual subscription to their services (such as web filtering), and an annual support contract. There are no limits on users or connections or any of the other crap that other vendors like to pull; I can do as much with a Fortigate device as the hardware can support. As such, I've had the freedom to be very flexible in my configurations with FortiGate units that wouldn't have been possible if usage of the device was artificially restricted.
 
Z

Zargon

Lifer
Nov 3, 2009
12,218
2
76
wow the analyzer hardware cost more than the firewall :p

still cheaper than the asa 5505 + barracuda or the 5510(which sounds not so awesome anyways)
 
RadiclDreamer

RadiclDreamer

Diamond Member
Aug 8, 2004
8,622
40
91
Zargon said:
boss wants an appliance. either full standalone or part of a security appliance

how heavy of load, we are looking at maybe 30 users tops, more like 15-20 99% of the time.
Click to expand...

This should be more than fine, the issues ive had are hangs and slowdown when under heavy load, but this is with a few hundred users.
 
You must log in or register to reply here.

TRENDING THREADS

COMPANY
RESOURCES
FOLLOW
Top Bottom