Cisco Cisco Web Security Appliance S670 User Guide
3-4
Cisco IronPort AsyncOS 7.7 for Web User Guide
Chapter 3 Deployment
Deploying the Web Proxy in Explicit Forward Mode
•
T1 only connected (duplex). When you configure the appliance to use duplex communication,
connect T1 to the network so it receives all incoming and outgoing traffic.
connect T1 to the network so it receives all incoming and outgoing traffic.
•
T1 and T2 connected (simplex). When you configure the appliance to use simplex communication,
connect T1 to the network so it receives all outgoing traffic (from the clients to the Internet), and
connect T2 to the network so it receives all incoming traffic (from the Internet to the clients).
connect T1 to the network so it receives all outgoing traffic (from the clients to the Internet), and
connect T2 to the network so it receives all incoming traffic (from the Internet to the clients).
For more information about how to connect the L4 Traffic Monitor ports to the network, see
.
Example Deployment
shows a sample deployment scenario with both the Web Proxy and L4 Traffic
Monitor enabled. In this example, the Web Proxy is deployed in transparent mode and only the P1 port
is connected to either a Layer 4 switch or a WCCP router.
is connected to either a Layer 4 switch or a WCCP router.
Figure 3-2
Web Security Appliance Deployment Scenario
Deploying the Web Proxy in Explicit Forward Mode
When the appliance is configured as an explicit forward proxy, client applications must be configured to
direct its traffic to the appliance. When you want to configure the Web Proxy in explicit forward mode,
you must configure the following components:
direct its traffic to the appliance. When you want to configure the Web Proxy in explicit forward mode,
you must configure the following components:
•
Client applications
•
Appliance ports
Tip
If your organization needs to use explicit forward mode now, but might need transparent mode in the
future, consider deploying the Web Proxy in transparent mode and then choosing Layer 4 switch as the
connection type. If you do not have an Layer 4 switch, you can connect the appliance to the network
normally and the appliance will work in explicit forward mode. When the Web Proxy is deployed in
transparent mode, it can accept both transparently redirected and explicitly forwarded transactions. To
use transparent mode in the future, you can connect the appliance to an Layer 4 switch and it will work
in transparent mode without needing to change the Web Proxy mode later. However, it is easy to change
the deployment mode at any time on the Security Services > Web Proxy page.
future, consider deploying the Web Proxy in transparent mode and then choosing Layer 4 switch as the
connection type. If you do not have an Layer 4 switch, you can connect the appliance to the network
normally and the appliance will work in explicit forward mode. When the Web Proxy is deployed in
transparent mode, it can accept both transparently redirected and explicitly forwarded transactions. To
use transparent mode in the future, you can connect the appliance to an Layer 4 switch and it will work
in transparent mode without needing to change the Web Proxy mode later. However, it is easy to change
the deployment mode at any time on the Security Services > Web Proxy page.