Cisco Cisco Web Security Appliance S360 User Guide

Enable only the proxy services you require.

Use the same forwarding and return method (either L2 or GRE) for all WCCP services defined in 
the Web Security appliance. This allows the proxy bypass list to work consistently.

Ensure that users cannot access PAC files from outside the corporate network. This allows your 
mobile workers to use the web proxy when they are on the corporate network and to connect directly 
to web servers at other times. 

Allow a web proxy to accept X-Forwarded-For headers from trustworthy downstream proxies or 
load balancers only.

Leave the web proxy in the default transparent mode, even if initially using only explicit forwarding. 
Transparent mode also accepts explicitly forwarded requests.

Review best practices.

(Optional) Perform follow up networking tasks:

Connect and configure upstream proxies.

Configure network interface ports.

Configure transparent redirection devices.

Configure TCP/IP routes.

Configure VLANs.

(Optional) Perform follow up Web Proxy tasks:

Configure the web proxy to operate in either Forward 
or Transparent mode.

Decide if additional services are needed for the 
protocol types you want to intercept

Configure IP spoofing.

Manage the web proxy cache.

Use custom web request headers.

Bypass the proxy for some requests.

Perform client tasks:

Decide how clients should redirect requests to the 
web proxy.

Configure clients and client resources.

(Optional) Enable and Configure the FTP proxy.