Cisco Cisco Web Security Appliance S170 Guía Del Usuario
3-5
Cisco IronPort AsyncOS 7.7 for Web User Guide
Chapter 3 Deployment
Deploying the Web Proxy in Transparent Mode
Configuring Client Applications
You must configure all client applications, such as web browsers and FTP clients, used on the network
to point to the Web Proxy. You can configure each client in the following ways:
to point to the Web Proxy. You can configure each client in the following ways:
•
Manual. Configure each client application to point the appliance Web Proxy by specifying the
appliance hostname or IP address and the port number, such as 3128, used for listening to data
traffic.
appliance hostname or IP address and the port number, such as 3128, used for listening to data
traffic.
•
Automatic. Configure each client application to use a PAC file to detect the appliance Web Proxy
automatically. Then you can edit the PAC file to specify the appliance Web Proxy information. PAC
files work with web browsers only. For more information, see
automatically. Then you can edit the PAC file to specify the appliance Web Proxy information. PAC
files work with web browsers only. For more information, see
Connecting Appliance Interfaces
You can connect the P1 interface or both the P1 and P2 interfaces to a network switch using an Ethernet
cable. You do not need special hardware, such as a particular switch or router. For more information
about how to connect the data interfaces (P1 and P2), see
cable. You do not need special hardware, such as a particular switch or router. For more information
about how to connect the data interfaces (P1 and P2), see
.
Testing an Explicit Forward Configuration
If you want to test an explicit forward proxy configuration, you can separate and forward traffic from a
subset of your network infrastructure. To individually test this configuration, clients can forward traffic
to the appliance from one web browser and connect to the Internet using another web browser. This
method also ensures an alternate path to the Internet while testing.
subset of your network infrastructure. To individually test this configuration, clients can forward traffic
to the appliance from one web browser and connect to the Internet using another web browser. This
method also ensures an alternate path to the Internet while testing.
Deploying the Web Proxy in Transparent Mode
When the appliance is configured as a transparent proxy, client applications are not aware that their
traffic gets redirected to the appliance, and they do not need to be configured to point to the appliance.
To deploy the appliance in this mode, you need one of the following types of hardware to transparently
redirect web traffic to the appliance:
traffic gets redirected to the appliance, and they do not need to be configured to point to the appliance.
To deploy the appliance in this mode, you need one of the following types of hardware to transparently
redirect web traffic to the appliance:
•
WCCP v2 router. When you specify a WCCP router, you need to configure additional settings on
the appliance. For more information about using the appliance with a WCCP router, see
the appliance. For more information about using the appliance with a WCCP router, see
•
Layer 4 switch. When you specify an Layer 4 switch, you only need to specify that the appliance
is connected to a Layer 4 switch when you configure the appliance. You do not need to configure
anything else on the appliance.
is connected to a Layer 4 switch when you configure the appliance. You do not need to configure
anything else on the appliance.
Typically, you configure the appliance to use an Layer 4 switch or a WCCP v2 router during initial
system setup. However, you can configure it to use either an Layer 4 switch or a WCCP v2 router anytime
after initial setup on the Network > Transparent Redirection page. For more information about the
Network > Transparent Redirection page, see
system setup. However, you can configure it to use either an Layer 4 switch or a WCCP v2 router anytime
after initial setup on the Network > Transparent Redirection page. For more information about the
Network > Transparent Redirection page, see
.