Cisco Cisco Web Security Appliance S670 User Guide
3-2
Cisco IronPort AsyncOS 7.7 for Web User Guide
Chapter 3 Deployment
Appliance Interfaces
Preparing for Deployment
Before installing the Web Security appliance, read through the following questions and use the responses
to each question to help you decide how to deploy the appliance and where to locate it in your network.
Each response includes a reference to a different section that covers the response in more detail.
to each question to help you decide how to deploy the appliance and where to locate it in your network.
Each response includes a reference to a different section that covers the response in more detail.
1.
Will you deploy the Web Security appliance as a transparent proxy or an explicit forward proxy?
–
Explicit Forward Proxy. Client applications, such as web browsers, are aware of the Web
Proxy and must be configured to point to a single Web Security appliance. This deployment
requires a connection to a standard network switch. When you deploy the Web Proxy in explicit
forward mode, you can place it anywhere in the network. For more information, see
Proxy and must be configured to point to a single Web Security appliance. This deployment
requires a connection to a standard network switch. When you deploy the Web Proxy in explicit
forward mode, you can place it anywhere in the network. For more information, see
.
–
Transparent Proxy. Clients applications are unaware of the Web Proxy and do not have to be
configured to connect to the proxy. This deployment requires an Layer 4 switch or a WCCP v2
router. For more information, see
configured to connect to the proxy. This deployment requires an Layer 4 switch or a WCCP v2
router. For more information, see
.
Note
A Layer 4 switch is a switch capable of doing policy based routing.
2.
Does the network have an existing proxy?
If yes, it is recommended you deploy the Web Security appliance downstream from an existing
proxy server, meaning closer to the clients. The System Setup Wizard refers to this as an upstream
proxy configuration.
proxy server, meaning closer to the clients. The System Setup Wizard refers to this as an upstream
proxy configuration.
For more information, see
.
3.
Will you enable the L4 Traffic Monitor?
L4 Traffic Monitor deployment is independent of the Web Proxy deployment. You can connect the
L4 Traffic Monitor to a network tap or the mirror/span port of a switch.
L4 Traffic Monitor to a network tap or the mirror/span port of a switch.
For more information, see
.
Appliance Interfaces
The Web Security appliance includes six physical Ethernet ports on the back of the system. Each
Ethernet port corresponds to a different network interface. The Ethernet ports are grouped into the
following types of network interfaces:
Ethernet port corresponds to a different network interface. The Ethernet ports are grouped into the
following types of network interfaces:
•
Management. The Management interfaces include M1 and M2. However, only the M1 interface is
enabled on the appliance. For more information, see
enabled on the appliance. For more information, see
.
•
Data. The Data interfaces include P1 and P2. Use the Data interfaces for Web Proxy data traffic. For
more information, see
more information, see
•
L4 Traffic Monitor. The L4 Traffic Monitor interfaces include T1 and T2. Use these interfaces for
monitoring and blocking L4 Traffic Monitor traffic. For more information, see
monitoring and blocking L4 Traffic Monitor traffic. For more information, see
.
shows the Ethernet ports on the back of the Web Security appliance blade.