Cisco Cisco Web Security Appliance S690 Guía De Instalación
Deployment Options
❏ Web Proxy
❏ Transparent with L4 Switch
❏ Transparent with WCCP Router
❏ Explicit Forward Proxy
❏ Transparent with L4 Switch
❏ Transparent with WCCP Router
❏ Explicit Forward Proxy
❏ L4 Traffi c Monitor
❏ Simplex tap
❏ Duplex tap
Network Context
Is there another proxy on the network?
❏ No Yes ❏ in Transparent Mode ❏ In Forward Mode
Other Proxy in For ward Mode:
IP address and Por t:
Network Settings
Default System Hostname:
DNS Ser vers
❏ Use the Internet’s root DNS servers
❏ Use these DNS servers (maximum 3):
❏ Use these DNS servers (maximum 3):
1.
2.
3.
2.
3.
Network Time Protocol (NTP) ser ver:
IP address and host name:
Time Zone Region:
Region: Countr y: GMT Offset:
Interface Settings
Management Inter face M1 Ethernet por t only
IP address:
Network mask:
Host name:
Network mask:
Host name:
NOTE: The Web Proxy can share the Management inter face. If confi gured separately, the Data inter face IP address and the Management
inter face IP address cannot share the same subnet.
inter face IP address cannot share the same subnet.
Data Inter face
IP address:
Network mask:
Host name:
Network mask:
Host name:
Routes
Internal Routes for Management
Default Gateway:
Static Route Name:
Static Route Destination Network:
Static Route Gateway:
Static Route Name:
Static Route Destination Network:
Static Route Gateway:
I
nternal Routes for Data
Default Gateway:
Static Route Name:
Static Route Destination Network:
Static Route Gateway:
Static Route Name:
Static Route Destination Network:
Static Route Gateway:
Transparent Routing Device
Device type:
❏ Layer-4 switch ❏ WCCP router
NOTE: When you connect the appliance to a WCCP router, you must confi gure the Web Security appliance to create WCCP ser vices after
you run the System Setup Wizard.
you run the System Setup Wizard.
Administrative Settings
Administrative Password:
❏ AutoSupport
Send Email System Aler ts to:
Security Services
❏ IP Spoofi ng
L4 Traffi c Monitor:
L4 Traffi c Monitor:
❏ Monitor Only ❏ Block
❏ IronPort URL Filtering
❏ Web Reputation Filters
Malware and Spyware Scanning:
❏ Web Reputation Filters
Malware and Spyware Scanning:
❏ Enable Webroot
❏ Enable McAfee
Action for Detected Malware:
❏ Monitor Only ❏ Block
Action for Unscannable Transactions:
❏ Monitor Only ❏ Block
❏ SenderBase Network Participation
Par ticipation Level:
Par ticipation Level:
❏ Limited ❏ Standard
Networking Worksheet
IronPort S-Series Web Security Appliance
P/N 421-0098(B)
1
U N PA C K
2
P L A N T H E
I N S TA L L AT I O N
I N S TA L L AT I O N
IronPort S160
Web Security Appliance
The IronPort S-Series Web Security Appliance (WSA) integrates integrates seamlessly into any
corporate network to defend against a wide variety of web-based malware threats such as malware,
spyware, malicious system monitors, Trojans, phishing, and pharming. Additionally, the S-Series
appliance provides a next generation platform to control and monitor web traffi c that originates from
within the network.
corporate network to defend against a wide variety of web-based malware threats such as malware,
spyware, malicious system monitors, Trojans, phishing, and pharming. Additionally, the S-Series
appliance provides a next generation platform to control and monitor web traffi c that originates from
within the network.
Use this Quick Star t Guide to get the IronPor t S-Series appliance installed and running on your
network, and refer to the Deployment chapter in the Web Security Appliance User Guide for
information about how to confi gure appliance settings.
network, and refer to the Deployment chapter in the Web Security Appliance User Guide for
information about how to confi gure appliance settings.
Before you star t, make sure you have the following equipment:
• Rack cabinet enclosure
• RapidRails
TM
and adaptor kits
• 10/100/Gigabit BaseT TCP/IP local area network (LAN)
Note: The Networking Work-
sheet that is located toward
the back of this guide is a
useful prerequisite to running
the System Setup Wizard.
Ironpor t strongly recommends
using the Networking Work-
sheet to plan your deployment
and record the information
that you need to complete
the initial confi guration.
sheet that is located toward
the back of this guide is a
useful prerequisite to running
the System Setup Wizard.
Ironpor t strongly recommends
using the Networking Work-
sheet to plan your deployment
and record the information
that you need to complete
the initial confi guration.
Note: Cisco IronPor t recom-
mends that you contact a
sales engineer from your
Cer tifi ed VAR or Cisco IronPor t
to par ticipate in the planning
and implementation of the
install. Cisco IronPor t also
recommends that you contact
your sales engineer for any
installation questions.
mends that you contact a
sales engineer from your
Cer tifi ed VAR or Cisco IronPor t
to par ticipate in the planning
and implementation of the
install. Cisco IronPor t also
recommends that you contact
your sales engineer for any
installation questions.
• Documentation CD
• Safety and Compliance Guide
• Terms and Conditions of Use
Verify that the system box contains the following items:
Straight
Power
Cable
Ethernet
Cable
Null Modem
Cable
• IronPor t S-Series appliance
• Straight power cable
• Ethernet
TM
cable
• Null Modem cable
Decide how you are going to confi gure the appliance within your network.
The S-Series appliance is typically installed as an additional layer in the network between clients
and the Internet. Depending on how you deploy the appliance, you may or may not need a Layer 4
(L4) switch or a WCCP router to direct client traffi c to the appliance. Deployment options include:
and the Internet. Depending on how you deploy the appliance, you may or may not need a Layer 4
(L4) switch or a WCCP router to direct client traffi c to the appliance. Deployment options include:
• Transparent Proxy – Web proxy with an L4 switch
• Transparent Proxy – Web proxy with a WCCP router
• Explicit Forward Proxy – Connected to a network switch
• L4 Traffi c Monitor – Ethernet tap (simplex or duplex)
–
–
Simplex Mode: Por t T1 receives all outgoing traffi c and por t T2 receives all incoming traffi c.
–
Duplex Mode: Por t T1 receives all incoming and outgoing traffi c.
M
1
M
2
P1
P2
T1
T2
Clients
Ethernet tap
Simplex/Duplex
Firewall
Management PC
Internet
L4 switch
WCCP router
Note: To monitor true client IP addresses,
the L4 Traffi c Monitor should always be
confi gured inside the fi rewall and before
NAT (Network Address Translation).
the L4 Traffi c Monitor should always be
confi gured inside the fi rewall and before
NAT (Network Address Translation).