Cisco Cisco ScanSafe Web Security Fascicule
© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 3 of 6
When To Redirect Traffic Using Direct-To-Tower Methods
Customers who do not have an ASA or ISR in their environment should send traffic directly using PAC files, third-
party proxies or explicit browser settings. Direct-To-Tower methods can be used with EasyID and SAML to capture
user identity.
party proxies or explicit browser settings. Direct-To-Tower methods can be used with EasyID and SAML to capture
user identity.
Choosing between the CWS Connector and the WSAv Connector
The selection process between these two options depends primarily on whether customers want to redirect traffic
transparently to CWS. Figure 2 outlines the selection process, based on the two most important criteria: proxy type
and sizing requirements.
transparently to CWS. Figure 2 outlines the selection process, based on the two most important criteria: proxy type
and sizing requirements.
Figure 2: Choosing between CWS and WSAv Connectors
CWS Features Supported By Traffic Redirection Options
Table 1 below lists the Cloud Web Security features supported when using a specific traffic redirection option
.
CWS Feature
ASA
Connector
ISR-G2
Connector
ISR-4K
Connector
WSA
Connector
Native
Connector
Hosted
PAC File
AnyConnect
Mobile
Browser
HTTPS Inspection
(MITM)
(MITM)
1
Supported across all redirection options
Web Filtering
Exceptions
Exceptions
Supported across all redirection options
URL
Categorization
Categorization
Supported across all redirection options
Application
Visibility and
Control Feature
Visibility and
Control Feature
Supported across all redirection options
URL Dynamic
Classification
Classification
Supported across all redirection options
Customizable
Notifications
Notifications
Supported across all redirection options
Outbreak
Intelligence
Intelligence
Supported across all redirection options
Cloud Whitelisting
No
Yes
Yes
No
No
No
Yes
Yes
AUP
2
No
No
No
No
Yes
No
No
Yes
Quotas
3
No
No
No
No
Yes
No
No
No
Table 1: Supported CWS Features
CWS Connector
WSA or WSAv
Connector
Yes
Yes
No
No
Is Transparent
Traffic Redirection
required?
Are there more
than 2000 Users to
Support?