Cisco Cisco Web Security Appliance S670 Guida Utente

If the upstream proxy is in explicit forward mode, consider the following rules and 
guidelines:

You must enter the IP address or hostname and port of the upstream proxy.

Consider whether the hostname of the upstream proxy resolves to multiple IP 
addresses. The Web Security appliance only queries the DNS server for the 
IP address at startup. If an IP address is added or removed from that 
hostname, the proxy must restart to resolve and add the hostname to the new 
set of IP addresses. 

If the upstream proxy manages user authentication or access control using 
proxy authentication, you must enable the X-Forwarded-For header to send 
the client host header to the upstream proxy. Use the Security Services > Web 
Proxy page to enable the X-Forwarded-For header setting.

If you want to send authentication credentials to an upstream proxy when the 
Web Security appliance is deployed in explicit forward mode, you must 
configure the Web Proxy to forward authorization request headers to a parent 
proxy server using the 

advancedproxyconfig > authentication

 CLI 

command.

By default, the Web Proxy does not forward proxy authorization headers 
to upstream proxy servers for security reasons.

If the upstream proxy manages client traffic using a PAC file or a login script, 
you must update these files to use the IP address or hostname of the Web 
Security appliance.

L4 Traffic Monitor (L4TM) deployment is independent of the Web Proxy 
deployment. When connecting and deploying the L4 Traffic Monitor, consider the 
following:

Physical connection. You can choose how to connect the L4 Traffic Monitor 
to the network. For more information, see 

.