Cisco Cisco Web Security Appliance S170 Guida Utente

Network address translation (NAT). When configuring the L4 Traffic Monitor, connect it at a 
point in your network where it can see as much network traffic as possible before getting out of your 
egress firewall and onto the Internet. It is important that the L4 Traffic Monitor be ‘logically’ 
connected after the proxy ports and before any device that performs network address translation 
(NAT) on client IP addresses.

L4 Traffic Monitor action setting. The default setting for the L4 Traffic Monitor is monitor only. 
After setup, if you configure the L4 Traffic Monitor to monitor and block suspicious traffic, ensure 
that the L4 Traffic Monitor and the Web Proxy are configured on the same network so that all clients 
are accessible on routes that are configured for data traffic. 

You can connect the L4 Traffic Monitor to the network in any of the following ways:

Network tap. When you use a network tap, you can choose the following communication types:

Simplex. This communication type uses one cable for all traffic between clients and the 
appliance, and one cable for all traffic between the appliance and external connections. Connect 
port T1 to the network tap so it receives all outgoing traffic (from the clients to the Internet), 
and connect port T2 to the network tap so it receives all incoming traffic (from the Internet to 
the clients).

Duplex. This mode uses one cable for all incoming and outgoing traffic. You can use half- or 
full-duplex Ethernet connections. Connect port T1 to the network tap so it receives all incoming 
and outgoing traffic.

Cisco recommends using simplex when possible because it can increase performance and 
security.

Span/mirror port of an L2 switch. Connecting is similar to a simplex or duplex tap, depending on 
whether the connection uses two separate devices or one device.

Hub. Choose duplex when you connect the L4 Traffic Monitor to a hub.

Regardless of how the appliance is connected to the network, you must configure the wiring type. For 
more information, see 

For more information about the T1 and T2 ports, see 

Use a network tap instead of the span/mirror port of a switch when possible. Network taps use hardware 
to move packets to the L4 Traffic Monitor and span and mirror ports of a switch use software to move 
packets. Hardware solutions move packets with better performance than software solutions and are less 
likely to drop packets in the process.

Typically, the L4 Traffic Monitor wiring type is configured during system setup. However, you can 
configure the wiring type after running the System Setup Wizard on the Network > Interfaces page. Click 
Edit Settings and select a wiring type for the T1 and T2 ports.