Cisco Cisco Web Security Appliance S380 Guida Utente

Network address translation (NAT). When configuring the L4 Traffic 
Monitor, connect it at a point in your network where it can see as much 
network traffic as possible before getting out of your egress firewall and onto 
the Internet. It is important that the L4 Traffic Monitor be ‘logically’ 
connected after the proxy ports and before any device that performs network 
address translation (NAT) on client IP addresses.

L4 Traffic Monitor action setting. The default setting for the L4 Traffic 
Monitor is monitor only. After setup, if you configure the L4 Traffic Monitor 
to monitor and block suspicious traffic, ensure that the L4 Traffic Monitor and 
the Web Proxy are configured on the same network so that all clients are 
accessible on routes that are configured for data traffic. 

You can connect the L4 Traffic Monitor to the network in any of the following 
ways:

Network tap. When you use a network tap, you can choose the following 
communication types:

Simplex. This communication type uses one cable for all traffic between 
clients and the appliance, and one cable for all traffic between the 
appliance and external connections. Connect port T1 to the network tap 
so it receives all outgoing traffic (from the clients to the Internet), and 
connect port T2 to the network tap so it receives all incoming traffic 
(from the Internet to the clients).

Duplex. This mode uses one cable for all incoming and outgoing traffic. 
You can use half- or full-duplex Ethernet connections. Connect port T1 
to the network tap so it receives all incoming and outgoing traffic.

Cisco recommends using simplex when possible because it can increase 
performance and security.

Span/mirror port of an L2 switch. Connecting is similar to a simplex or 
duplex tap, depending on whether the connection uses two separate devices 
or one device.

Hub. Choose duplex when you connect the L4 Traffic Monitor to a hub.