Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3294
Views
2
Helpful
4
Replies

Cisco ASA w/ Firepower Services

rhogan727
Level 1
Level 1

‎06-10-2015 06:54 AM - edited ‎03-10-2019 12:26 AM

I just finished watching the video on this service. There seems to be quite a bit more functionality in the Cisco ASA w/Firepower services than CIsco's Cloud Web Services

They clearly compete with each other where the features overlap, but it seems to me that Cisco ASA w/Firepower Services would cover everything that CWS does. Am I correct? I guess put another way, why would you choose one of these services over the other?

Thanks,

Rob

Labels:
4 Replies 4

brremmel
Cisco Employee
Cisco Employee

‎06-11-2015 09:45 AM

Hi Rob,

Thanks for the question! Cloud Web Security is complementary to the ASA with FirePOWER Services. In fact, you can enable CWS on the ASA without any additional hardware. The firewall will then redirect select HTTP and HTTPS traffic to the CWS proxy servers to scan and allow, block or warn about traffic. You can read more about this integration here:

http://www.cisco.com/c/en/us/td/docs/security/asa/asa93/configuration/firewall/asa-firewall-cli/protect-cloud-web-security.html#pgfId-1869743

Hope that helps!

Brian

0 Helpful

rhogan727
Level 1
Level 1
In response to brremmel

‎06-11-2015 02:15 PM

Brian,

Thanks for the response. We currently utilize CWS with our ASA's now. We put this in place some time back, mainly to replace a web filtering application we were using on premise. Certainly an additional layer would never hurt, however budgetary constraints would prevent both. I am trying to determine which would be the best solution if I have to choose only one. Any suggestions on what we would lose and/or gain by switching to using ASA with FirePOWER over CWS?

Thanks again,

Rob

0 Helpful

rtenor
Level 4
Level 4
In response to rhogan727

‎06-12-2015 09:22 AM

Hi Rob.

What you win/lose is "anywhere". ASA w/ FirePOWER is tied to a location. You can use CWS from anywhere through AnyConnect. You could check your web traffic if you're in the office, airport, home or where ever you are.

Regards.

Rafa.

0 Helpful

brremmel
Cisco Employee
Cisco Employee
In response to rhogan727

‎06-12-2015 09:27 AM

Rob,

I asked my colleague on the CWS team for her input and she said:

"The main thing he would lose if he currently has only CWS Essentials, which I assume is the case (it would be more if he has CWS Premium) is the ability to analyze https traffic. If he has a large concentration of this kind of traffic he might think twice about switching because the firewall won’t be able to analyze this traffic. There is extra malware protection on CWS, but the main thing to look at is the % of https traffic in his environment.

One the other hand, if he is more concerned with an inline stateful firewall functionality that can control port-hopping (or multi-protocol) applications such as Skype, he is better served with a firewall. This also, of course, includes the IPS functionality as well which CWS does not."

Brian

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents