Cisco Cisco Web Security Appliance S170 Guía Del Usuario
Chapter 3 Deployment
Deploying the L4 Traffic Monitor
3-16
Cisco IronPort AsyncOS 7.1 for Web User Guide
OL-23207-01
Explicit Forward Upstream Proxy
If the upstream proxy is in explicit forward mode, consider the following rules and
guidelines:
guidelines:
•
You must enter the IP address or hostname and port of the upstream proxy.
•
Consider whether the hostname of the upstream proxy resolves to multiple IP
addresses. The Web Security appliance only queries the DNS server for the
IP address at startup. If an IP address is added or removed from that
hostname, the proxy must restart to resolve and add the hostname to the new
set of IP addresses.
addresses. The Web Security appliance only queries the DNS server for the
IP address at startup. If an IP address is added or removed from that
hostname, the proxy must restart to resolve and add the hostname to the new
set of IP addresses.
•
If the upstream proxy manages user authentication or access control using
proxy authentication, you must enable the X-Forwarded-For header to send
the client host header to the upstream proxy. Use the Security Services > Web
Proxy page to enable the X-Forwarded-For header setting.
proxy authentication, you must enable the X-Forwarded-For header to send
the client host header to the upstream proxy. Use the Security Services > Web
Proxy page to enable the X-Forwarded-For header setting.
•
If you want to send authentication credentials to an upstream proxy when the
Web Security appliance is deployed in explicit forward mode, you must
configure the Web Proxy to forward authorization request headers to a parent
proxy server using the
Web Security appliance is deployed in explicit forward mode, you must
configure the Web Proxy to forward authorization request headers to a parent
proxy server using the
advancedproxyconfig > authentication
CLI
command.
Note
By default, the Web Proxy does not forward proxy authorization headers
to upstream proxy servers for security reasons.
to upstream proxy servers for security reasons.
•
If the upstream proxy manages client traffic using a PAC file or a login script,
you must update these files to use the IP address or hostname of the Web
Security appliance.
you must update these files to use the IP address or hostname of the Web
Security appliance.
Deploying the L4 Traffic Monitor
L4 Traffic Monitor (L4TM) deployment is independent of the Web Proxy
deployment. When connecting and deploying the L4 Traffic Monitor, consider the
following:
deployment. When connecting and deploying the L4 Traffic Monitor, consider the
following:
•
Physical connection. You can choose how to connect the L4 Traffic Monitor
to the network. For more information, see
to the network. For more information, see
.