Cisco ASA 5585-X Adaptive Security Appliance Information Guide

© 2014 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. 
● Fully qualified domain name (FQDN) or IP address of the primary or backup Cloud Web Security proxy servers
● License hex keys
Q.  Up to 10 percent of the employees in my organization are remote. How can I extend Cisco Cloud Web 
Security capabilities to those remote users? 
A.  Cisco Cloud Web Security capabilities are extended to remote users through the Cisco AnyConnect Secure 
Mobility Client. The AnyConnect client performs a split tunneling of web and VPN traffic to eliminate the need 
to backhaul Internet traffic to company headquarters, thereby supporting complex remote access use cases. 
For example, if a user is traveling from the United States to Japan, AnyConnect will automatically find the 
closest Cisco Cloud Web Security tower in Japan, even if the VPN tunnel is terminated to the U.S. 
headquarters location. 
Q.  How can I enforce Web 2.0 policies on personal handhelds such as iPhone and iPad devices? 
A.  The Cisco AnyConnect Secure Mobility Client launches the tunnel to the Cisco ASA head end. The ASA 
redirects part of tunnel traffic (ports 80 and 443) to the Cisco web security cloud for Web 2.0 application 
enforcement. This entire process is transparent to the end user. 
Q.  Is Cisco Cloud Web Security integration available on all Cisco ASA platforms? 
A.  Yes. Cisco Cloud Web Security integration is available on all currently shipping Cisco ASA appliance 
platforms, including the Cisco ASA 5500 Series, the Cisco ASA 5500-X Series, the Cisco ASA 5585-X 
platform, and the Cisco Catalyst 6500 Series ASA Services Module. It is not yet available on the Cisco ASA 
1000V Cloud Firewall. 
Q.  How does this integration achieve high availability? 
A.  There are two pieces to high availability (HA): the Cisco Cloud Web Security Tower HA and Cisco ASA 
HA. When you configure Cisco Cloud Web Security tower information, you can configure a backup Cisco Cloud 
Web Security tower, which automatically redirects web traffic to the secondary tower if the primary tower goes 
down. If you are using Cisco ASA HA, the entire system, including the ASA and the Cisco Cloud Web Security 
tower, can achieve full redundancy in either active/passive or active/active mode. In exceptional 
circumstances, if both Cisco Cloud Web Security towers are unavailable (because Internet connectivity is lost, 
for example), the ASA can be configured to either fail-open or fail-close. 
Q.  Where do I go for more information on the integrated Cisco Cloud Web Security? 
A.  More information on Cisco Cloud Web Security web application visibility and control can be found at: 
 
Management 
Q.  How do I manage Cisco ASA 5500-X Series and 5585-X Next-Generation Firewalls? 
A.  You have several options for managing the Cisco ASA 5500-X Series firewalls: 
● Cisco Security Manager 4.3 or later, an off-box GUI management application, is available for managing most of your physical network security infrastructure. The upgrade path from Cisco Security Manager 3.x to 4.3 and later is discusse
● Command-line interface (CLI)
● Cisco Adaptive Security Device Manager (ASDM), the ASA on-box management application