User Info

Welcome, Guest. Please login or register.
Did you miss your activation email?

Author Topic: Difference between WSA and ASA_firepower?  (Read 13110 times)

Offline hanumyhelper

  • Cisco Newbie
  • *
  • Posts: 1
  • Reputation: 0
  • Certification: CCIE
Difference between WSA and ASA_firepower?
« on: March 31, 2016, 11:24:49 PM »
Hello Guys,
I want to know what is the difference between having a dedicated web filtering devise like WSA (ironport) and having a NGFW Cisco ( ASA+firepower) ? I think we can achieve same thing in the NGFW that is being done by Ironport , under what cases once should go for WSA Ironport if he has NGFW in his network?

Other concern is,
I want to learn WSA,ESA and ISE , can you please advise what would be  the approach on this ?


Offline gvoden

  • Cisco Newbie
  • *
  • Posts: 23
  • Reputation: 4
  • Certification: N/A
Re: Difference between WSA and ASA_firepower?
« Reply #1 on: April 01, 2016, 02:26:55 PM »
As far as I know WSA is a traditional Web proxy (like Bluecoat or even the ISA/TMG proxy that Microsoft used to have). What this means is, no advanced routing capabilities, and most likely no ability to intercept a lot of non HTTP/S traffic. I would say the WSA can be used in environments where it's replacing an existing Web proxy. Otherwise I would do the URL filtering and threat inspection on a NGFW.

Offline MC

  • Global Moderator
  • Cisco Guru
  • *****
  • Posts: 400
  • Reputation: 606
  • CCIE x3 (RS,Sec,SP)
  • Certification: CCIE
Re: Difference between WSA and ASA_firepower?
« Reply #2 on: April 04, 2016, 08:38:02 PM »
+1 to what gvoden said. WSA was specifically design for web-based applications, although I believe it might also process other basic applications like ftp as well. You usually only redirect TCP80/443 to WSA. Some of the things WSA does that FP does not are content caching, ICAP DLP support, and some other web features. FP obviously does IPS, Malware, AVC even for non-80/443 traffic. There was discussion on another thread about someone had performance issue on FP and had to go with WSA. Whether you go with WSA or FP usually comes down to your requirement and existing investment of the product.
In terms of training, unless you are Cisco partner, your best option is probably taking class from Cisco learning partner.


Related Topics

  Subject / Started by Replies Last post
1 Replies
Last post December 05, 2013, 08:45:20 PM
by MC
3 Replies
Last post December 23, 2015, 02:10:04 AM
by davidferns7
3 Replies
Last post April 28, 2016, 09:28:17 PM
by MC

SimplePortal 2.3.7 © 2008-2024, SimplePortal