Cisco ScanSafe Web Security Brochure

© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. 
When To Redirect Traffic Using Direct-To-Tower Methods 
Customers who do not have an ASA or ISR in their environment should send traffic directly using PAC files, third-party proxies or explicit browser settings. Direct-To-Tower methods can be used with EasyID and SAML to capture user identity.
Choosing between the CWS Connector and the WSAv Connector 
The selection process between these two options depends primarily on whether customers want to redirect traffic 
transparently to CWS. Figure 2 outlines the selection process, based on the two most important criteria: proxy type 
and sizing requirements. 
 
Figure 2: Choosing between CWS and WSAv Connectors
 
CWS Features Supported By Traffic Redirection Options 
Table 1 below lists the Cloud Web Security features supported when using a specific traffic redirection option.

| CWS Feature | ASA Connector | ISR-G2 Connector | ISR-4K Connector | WSA Connector | Native Connector | Hosted PAC File | AnyConnect | Mobile Browser |
|---|---|---|---|---|---|---|---|---|
| HTTPS Inspection (MITM) ¹ | Supported across all redirection options | | | | | | | |
| Web Filtering Exceptions | Supported across all redirection options | | | | | | | |
| URL Categorization | Supported across all redirection options | | | | | | | |
| Application Visibility and Control Feature | Supported across all redirection options | | | | | | | |
| URL Dynamic Classification | Supported across all redirection options | | | | | | | |
| Customizable Notifications | Supported across all redirection options | | | | | | | |
| Outbreak Intelligence | Supported across all redirection options | | | | | | | |
| Cloud Whitelisting | No | Yes | Yes | No | No | No | Yes | Yes |
| AUP ² | No | No | No | No | Yes | No | No | Yes |
| Quotas ³ | No | No | No | No | Yes | No | No | No |

Table 1: Supported CWS Features
 
[Figure 2 flowchart. Decision nodes: "Is Transparent Traffic Redirection required?" and "Are there more than 2000 Users to Support?", each with Yes/No branches. Outcomes: CWS Connector; WSA or WSAv Connector.]