Cisco Cisco ScanSafe Web Security White Paper
Cisco CWS
– Standalone Deployment Guide
9
Test
Deploy
Prepare
The last
If
statement
:
if (isInNet(myIpAddress(), “192.168.1.0”, “255.255.255.0”))
is
employing the use of the myIPaddress function embedded in an isInNet function. This will allow you to
group computers by subnet to allow you to direct traffic to a particular tower. If your infrastructure can
support the myIPaddress function, then you can capitalize on this logic to mimimize the amount of PAC
files you need to use in your environment.
group computers by subnet to allow you to direct traffic to a particular tower. If your infrastructure can
support the myIPaddress function, then you can capitalize on this logic to mimimize the amount of PAC
files you need to use in your environment.
At the bottom of the PAC file, there is a lone return function
with
no
If
statement:
return
“PROXY
1.2.3.4:8080; PROXY 5.6.7.8
:8080”;. The return value is an order of proxy servers (i.e. tower) to direct
web traffic to. It is the browser instruction function of last resort. This means that if the web request should
not originate from a client, it will be forwarded to a tower instead.
not originate from a client, it will be forwarded to a tower instead.
Lastly, notice in the proxy string the proxy IP address port numbers are delineated by a semi-colon.
Host a PAC file in the cloud
Hosting your PAC file in the cloud is secure, as only clients originating from one of the scanning IPs
configured in the Cisco Cloud Web Security portal will be allowed access to the requested PAC file. It
also offers the convenience of being able to host up to 50 PAC files and 5 different versions of each PAC
file, as well as offering a single point of management for administrators. There is no need for supporting
infrastructure as everything is hosted in the cloud.
configured in the Cisco Cloud Web Security portal will be allowed access to the requested PAC file. It
also offers the convenience of being able to host up to 50 PAC files and 5 different versions of each PAC
file, as well as offering a single point of management for administrators. There is no need for supporting
infrastructure as everything is hosted in the cloud.
Reference video:
Step 1:
Go to the Control Panel and select Internet Options. Click on the Connections tab.
Step 2:
Click LAN settings. Check Use automatic configuration script.
Step 3:
In the address field, enter the host PAC URL as it appears in ScanCenter (See below).
Figure 2.1
Deployment Tip
Notice that the IP is
different than the IP of the
external IP output. This is
because the PAC file is
telling the browser to send
the web request to the
primary scanning tower in
the Cisco Cloud . The rest
of the world can only see
the outbound IP rather than
the true egress IP.
different than the IP of the
external IP output. This is
because the PAC file is
telling the browser to send
the web request to the
primary scanning tower in
the Cisco Cloud . The rest
of the world can only see
the outbound IP rather than
the true egress IP.