Cisco Cisco ScanSafe Web Security
Cisco CWS - ISR G2 Deployment Guide
1
Introduction
Integrating CWS with the ISR G2 appliance saves bandwidth, money and resources by intelligently
redirecting internet traffic from branch offices directly to the cloud to enforce security and control policies.
redirecting internet traffic from branch offices directly to the cloud to enforce security and control policies.
This document provides directions to redirect network traffic to CWS through the ISR G2.
*Note: we refer to our cloud proxies as towers. You will see the terms “proxy” and “tower” used
interchangeably throughout the document.
interchangeably throughout the document.
Cloud Deployment
Deployment is divided into the following three sections
Additional Redirect Methods
There are 4 additional redirection methods that have corresponding deployment guides. Deployment
guides for each redirection methods can be found
guides for each redirection methods can be found
, under Technical Collateral.
Redirection Method
Overview
Next Generation
Firewall (ASA/ASAv
with CWS Connector)
Firewall (ASA/ASAv
with CWS Connector)
Capitalize ASA investments by offloading content scanning to
Cisco’s cloud through CWS. Apply acceptable use policy to the
company, groups or individual users.
Cisco’s cloud through CWS. Apply acceptable use policy to the
company, groups or individual users.
Web Security
Appliance
(WSA/WSAv with
CWS Connector)
Appliance
(WSA/WSAv with
CWS Connector)
Integrate CWS and WSA to enable identity information to the
cloud and extend other on-premises enterprise features to Cloud
Web Security customers
cloud and extend other on-premises enterprise features to Cloud
Web Security customers
Cisco AnyConnect
Secure Mobility Client
(AnyConnect)
Secure Mobility Client
(AnyConnect)
Authenticate and redirect web traffic securely whenever the end
user is off the corporate network. CWS leverages cached user
credentials and directory information when they are away from
the office or VPN, ensuring that exactly the same web-usage
policies are applied.
user is off the corporate network. CWS leverages cached user
credentials and directory information when they are away from
the office or VPN, ensuring that exactly the same web-usage
policies are applied.
Standalone
Deployment
Deployment
Deploy a simple web security solution that does not require any
additional hardware.
additional hardware.
Connect to Cisco’s Cloud Web Security service
using existing browser settings and PAC/WPAD files.
Prepare
Deploy
Test