Lab Minutes Forum
Technical Discussion => Security => Topic started by: hanumyhelper on March 31, 2016, 11:24:49 PM
-
Hello Guys,
I want to know what is the difference between having a dedicated web filtering devise like WSA (ironport) and having a NGFW Cisco ( ASA+firepower) ? I think we can achieve same thing in the NGFW that is being done by Ironport , under what cases once should go for WSA Ironport if he has NGFW in his network?
Other concern is,
I want to learn WSA,ESA and ISE , can you please advise what would be the approach on this ?
Thanks,
Prashant
-
As far as I know WSA is a traditional Web proxy (like Bluecoat or even the ISA/TMG proxy that Microsoft used to have). What this means is, no advanced routing capabilities, and most likely no ability to intercept a lot of non HTTP/S traffic. I would say the WSA can be used in environments where it's replacing an existing Web proxy. Otherwise I would do the URL filtering and threat inspection on a NGFW.
-
+1 to what gvoden said. WSA was specifically design for web-based applications, although I believe it might also process other basic applications like ftp as well. You usually only redirect TCP80/443 to WSA. Some of the things WSA does that FP does not are content caching, ICAP DLP support, and some other web features. FP obviously does IPS, Malware, AVC even for non-80/443 traffic. There was discussion on another thread about someone had performance issue on FP and had to go with WSA. Whether you go with WSA or FP usually comes down to your requirement and existing investment of the product.
In terms of training, unless you are Cisco partner, your best option is probably taking class from Cisco learning partner.