Cisco Cisco ScanSafe Web Security Fascicule

 

 

© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. 

Page 2 of 6 

Overview 

This document provides guidance on selecting a mechanism for redirecting web traffic to Cisco Cloud Web 
Security (CWS). 

The traffic redirection methods currently in use by customers are: 

 

ASA platforms 

 

ISR platforms 

 

CWS Connector 

 

WSA Connector 

 

Direct-To-Tower methods (Hosted PAC files, third-party proxies, explicit browser configuration) 

 

AnyConnect 

 

Selecting a Method to Redirect Web Traffic 

The process of selecting a traffic redirection method is captured in Figure 1 below, and is applicable to most 
customer environments. 
 

 

 

Figure 1: Traffic redirection methods

 

Customers who own Cisco hardware (ISR, ASA, or WSA) are encouraged to leverage the integrated traffic 
redirection capabilities of their platforms. For all other environments, the choice of traffic redirection is between the 
CWS Connector, the WSAv Connector or Direct-To-Tower methods. 

Customer Needs to 

Support Roaming 

Users

 

Customer  Owns 

Cisco Hardware (ISR, 

ASA, WSA)

 

Customer Does Not 

Own Cisco Hardware

 

Use AnyConnect

 

Use Existing 

Cisco Hardware

 

Needs 

Transparent 

Redirection 

(WCCP)

 

Needs Explicit 

Proxy

 

OR, if AUP, Quotas, SSL 

Tunneling is required

 

OR, if High Performance, 

WCCP, NTLMv2, Local 

Logging are required

 

OR, if Virtual Form Factor 

is required

 

WSAv Connector

 

Direct-to-Tower (PAC file, 

third-party proxies)

 

OR, if User Granularity is 

required

 

CWS Connector

 

CWS Connector

 

WSA Connector 

 

WSAv 

Connector 

 

Redirection Method 

Step 

Legend