Cisco Cisco ScanSafe Web Security Fascicule
![Cisco](https://files.manualsbrain.com/attachments/7380d0050044647c30f5c24bbbf5d0c0b6d9bb84/common/fit/150/50/faa183d287233c52228cfea3dbc2a127fe780f60564fcb0955d9c3d1cd23/brand_logo.png)
© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 2 of 6
Overview
This document provides guidance on selecting a mechanism for redirecting web traffic to Cisco Cloud Web
Security (CWS).
Security (CWS).
The traffic redirection methods currently in use by customers are:
ASA platforms
ISR platforms
CWS Connector
WSA Connector
Direct-To-Tower methods (Hosted PAC files, third-party proxies, explicit browser configuration)
AnyConnect
Selecting a Method to Redirect Web Traffic
The process of selecting a traffic redirection method is captured in Figure 1 below, and is applicable to most
customer environments.
customer environments.
Figure 1: Traffic redirection methods
Customers who own Cisco hardware (ISR, ASA, or WSA) are encouraged to leverage the integrated traffic
redirection capabilities of their platforms. For all other environments, the choice of traffic redirection is between the
CWS Connector, the WSAv Connector or Direct-To-Tower methods.
redirection capabilities of their platforms. For all other environments, the choice of traffic redirection is between the
CWS Connector, the WSAv Connector or Direct-To-Tower methods.
Customer Needs to
Support Roaming
Users
Customer Owns
Cisco Hardware (ISR,
ASA, WSA)
Customer Does Not
Own Cisco Hardware
Use AnyConnect
Use Existing
Cisco Hardware
Needs
Transparent
Redirection
(WCCP)
Needs Explicit
Proxy
OR, if AUP, Quotas, SSL
Tunneling is required
OR, if High Performance,
WCCP, NTLMv2, Local
Logging are required
OR, if Virtual Form Factor
is required
WSAv Connector
Direct-to-Tower (PAC file,
third-party proxies)
OR, if User Granularity is
required
CWS Connector
CWS Connector
WSA Connector
WSAv
Connector
Selected Traffic
Redirection Method
Selection Process
Step
Legend