Cisco Web Security Appliance S670 Information Guide

Which interface does Updates/Upgrade/DNS traffic originate from?
Document ID: 118069
Contributed by Kei Ozaki and Siddharth Rajpathak, Cisco TAC Engineers.
Jul 24, 2014
Question:
Which interface does Updates/Upgrade/DNS traffic originate from?
Environment: Cisco Web Security Appliance (WSA), AsyncOS versions 6.0+, multiple interfaces configured on WSA
The interface that the Web Security Appliance (WSA) uses to fetch updates and upgrades or to make DNS requests depends on how routing is configured on the WSA.
The WSA can maintain two routing tables if this is enabled. Log in to the WSA through the WebUI and navigate to GUI > Network > Interfaces, where you will see the option "Separate Routing for Management Services".
• When this option is set to "No separate routing", the WSA uses one routing table for all traffic.
• If this option is set to "Separate routing", the WSA has two routing tables (referred to as split mode).
When separate routing is enabled, the following two routing tables are available on the WSA:
1. "Routes for Management Traffic"
2. "Routes for Data Traffic"
"Data Traffic" is traffic relating to the proxy. Some examples of what is considered "Data Traffic":
• The default gateway/interface that the WSA uses to send outbound HTTP requests (proxied requests)
• HTTP responses from the WSA to the client
• WCCP negotiation packets are also considered "Data Traffic".
Other traffic, typically originating from the WSA itself, is considered "Management Traffic". The user can select which routing table is used for some of these requests. DNS requests, updates, and upgrades are examples of this type of traffic.
1. The routing table to be used for DNS traffic can be configured under GUI > Network > DNS.