Cisco Cisco Web Security Appliance S670 User Guide
25-5
Cisco IronPort AsyncOS 7.7 for Web User Guide
Chapter 25 Configuring Network Settings
Configuring TCP/IP Traffic Routes
By default, both kinds of traffic use the routes defined for all configured network interfaces. However,
you can choose to split the routes (“split routing”) so that the M1 interface is only used for management
traffic. When you enable split routing, data traffic only uses the routes configured for the data interfaces
(P1 and P2, if configured), and management traffic uses the routes configured for all configured network
interfaces.
you can choose to split the routes (“split routing”) so that the M1 interface is only used for management
traffic. When you enable split routing, data traffic only uses the routes configured for the data interfaces
(P1 and P2, if configured), and management traffic uses the routes configured for all configured network
interfaces.
To enable split routing, use the “Restrict M1 port to appliance management services only” field on the
Network > Interfaces page. For more information, see
Network > Interfaces page. For more information, see
.
The number of sections on the Network > Routes page is determined by whether or not split routing is
enabled:
enabled:
•
Separate route configuration sections for Management and Data traffic (split routing enabled).
When you use the Management interface for management traffic only (“Restrict M1 port” is
enabled), then this page includes two sections to enter routes, one for management traffic and one
for data traffic.
When you use the Management interface for management traffic only (“Restrict M1 port” is
enabled), then this page includes two sections to enter routes, one for management traffic and one
for data traffic.
shows the Routes page when the option is enabled.
•
One route configuration section for all traffic (split routing enabled). When you use the
Management interface for both management and data traffic (“Restrict M1 port” is disabled), then
this page includes one section to enter routes for all traffic that leaves the Web Security appliance,
both management and data traffic.
Management interface for both management and data traffic (“Restrict M1 port” is disabled), then
this page includes one section to enter routes for all traffic that leaves the Web Security appliance,
both management and data traffic.
Note
A route gateway must reside on the same subnet as the Management or Data interface on which it is
configured.
configured.
Modifying the Default Route
You can modify the default gateway in the web interface or in the CLI using the
setgateway
CLI
command.
Note
The Web Proxy sends out transactions on the data interface that is on the same network as the default
gateway configured for data traffic.
gateway configured for data traffic.
To modify the default gateway in the web interface:
Step 1
Navigate to the Network > Routes page, and click on Default Route in the corresponding table.
Figure 25-1
Editing the Default Route
Step 2
In the Gateway column, enter the IP address of the computer system on the next hop of the network
connected to the network interface you are editing.
connected to the network interface you are editing.
Step 3
Submit and commit your changes.