Cisco Cisco Web Security Appliance S160 Guía Del Usuario
![Cisco](https://files.manualsbrain.com/attachments/7380d0050044647c30f5c24bbbf5d0c0b6d9bb84/common/fit/150/50/faa183d287233c52228cfea3dbc2a127fe780f60564fcb0955d9c3d1cd23/brand_logo.png)
25-5
Cisco IronPort AsyncOS 7.5 for Web User Guide
Chapter 25 Configuring Network Settings
Configuring TCP/IP Traffic Routes
Note
Cisco recommends using simplex when possible because it can increase performance and
security.
security.
Step 6
Submit and commit your changes.
Configuring TCP/IP Traffic Routes
You can define routes for appliance traffic, add static routes, load IP routing tables, and modify the
default gateway using the Network > Routes page or the
default gateway using the Network > Routes page or the
routeconfig
command.
Routes are used for determining where to send traffic (routing traffic). The Web Security appliance needs
to route the following kinds of traffic:
to route the following kinds of traffic:
•
Data traffic. Traffic the Web Proxy processes from end users browsing the web.
•
Management traffic. Traffic created by managing the appliance through the web interface and
traffic the appliance creates for management services, such as AsyncOS upgrades, component
updates, DNS, authentication, and more.
traffic the appliance creates for management services, such as AsyncOS upgrades, component
updates, DNS, authentication, and more.
By default, both kinds of traffic use the routes defined for all configured network interfaces. However,
you can choose to split the routes (“split routing”) so that the M1 interface is only used for management
traffic. When you enable split routing, data traffic only uses the routes configured for the data interfaces
(P1 and P2, if configured), and management traffic uses the routes configured for all configured network
interfaces.
you can choose to split the routes (“split routing”) so that the M1 interface is only used for management
traffic. When you enable split routing, data traffic only uses the routes configured for the data interfaces
(P1 and P2, if configured), and management traffic uses the routes configured for all configured network
interfaces.
To enable split routing, use the “Restrict M1 port to appliance management services only” field on the
Network > Interfaces page. For more information, see
Network > Interfaces page. For more information, see
.
The number of sections on the Network > Routes page is determined by whether or not split routing is
enabled:
enabled:
•
Separate route configuration sections for Management and Data traffic (split routing enabled).
When you use the Management interface for management traffic only (“Restrict M1 port” is
enabled), then this page includes two sections to enter routes, one for management traffic and one
for data traffic.
When you use the Management interface for management traffic only (“Restrict M1 port” is
enabled), then this page includes two sections to enter routes, one for management traffic and one
for data traffic.
shows the Routes page when the option is enabled.
•
One route configuration section for all traffic (split routing enabled). When you use the
Management interface for both management and data traffic (“Restrict M1 port” is disabled), then
this page includes one section to enter routes for all traffic that leaves the Web Security appliance,
both management and data traffic.
Management interface for both management and data traffic (“Restrict M1 port” is disabled), then
this page includes one section to enter routes for all traffic that leaves the Web Security appliance,
both management and data traffic.
Note
A route gateway must reside on the same subnet as the Management or Data interface on which it is
configured.
configured.
Modifying the Default Route
You can modify the default gateway in the web interface or in the CLI using the
setgateway
CLI
command.