Cisco Web Security Appliance S670 Information Guide

Difference between Transparent and Forward proxy mode
Document ID: 117940
Contributed by Jakob Dohrmann and Siddharth Rajpathak, Cisco TAC Engineers.
Jul 15, 2014
Question
What is the difference between Transparent and Forward proxy mode?
The goal of a proxy is to be the middle man (proxy) between HTTP clients and HTTP servers. This specifically means that the Cisco Web Security Appliance (WSA), as a web proxy, will have two sets of TCP sockets per client request:
Client -> WSA
WSA -> Origin server
How the WSA HTTP proxy obtains the client's request can be defined in one of two ways: transparently or explicitly.
Each of these deployments has several specific configuration options:
| Deployment Method | Description |
|---|---|
| Transparent: Layer 4 Switch (PBR) | A Layer 4 switch is used to redirect based on destination port 80 |
| Transparent: WCCP | A WCCP v2 enabled device (typically a router, switch, PIX, or ASA) redirects port 80 |
| Transparent: Bridged mode | Dual NICs, virtually paired. Traffic goes in one NIC and out the other (not available) |
| Explicit: Browser configured | Client browser is explicitly configured to use a proxy |
| Explicit: .PAC file configured | Client browser is explicitly configured to use a .PAC file, which in turn references the proxy |
The WSA can use all of these deployments except for bridged mode. This is expected to be available in the
near future.
When requests are redirected to the WSA transparently, the WSA must pretend to be the OCS (origin content server), since the client is unaware of the existence of a proxy. In contrast, if a request is explicitly sent to the WSA, the WSA responds with its own IP information.
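What arrives on the Client -> WSA socket in each mode, and how the destination for the WSA -> Origin server socket is derived from it, shown as an added example (not Cisco code and not part of the original document). It relies on standard HTTP/1.1 request-target forms; `classify_request` is a hypothetical helper and the sample requests are constructed.

```python
from urllib.parse import urlsplit

# Constructed sample requests, as they would arrive on the client -> proxy socket.
EXPLICIT = (b"GET http://www.example.com/index.html HTTP/1.1\r\n"
            b"Host: www.example.com\r\n\r\n")
TRANSPARENT = b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
TUNNEL = b"CONNECT www.example.com:443 HTTP/1.1\r\nHost: www.example.com:443\r\n\r\n"


def classify_request(raw: bytes):
    """Return (mode, host, port) for the proxy -> origin server socket.

    classify_request is a hypothetical helper, not a WSA function.
    """
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3:
        raise ValueError("malformed request line")
    method, target, _version = parts
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()

    if method == "CONNECT":
        # Explicit only: the client asks the proxy for a tunnel to host:port.
        authority = urlsplit("//" + target)
        return "explicit", authority.hostname, authority.port or 443
    if not target.startswith("/"):
        # Absolute-form: the client knows it is talking to a proxy.
        url = urlsplit(target)
        if not url.hostname:
            raise ValueError("unsupported request target")
        return "explicit", url.hostname, url.port or (443 if url.scheme == "https" else 80)
    # Origin-form: the client believes it is talking to the origin server, so
    # the destination is not in the request line. The Host header is
    # client-supplied; a transparent proxy should check it against the
    # original destination IP of the redirected connection.
    if "host" not in headers:
        raise ValueError("origin-form request without a Host header")
    authority = urlsplit("//" + headers["host"])
    return "transparent", authority.hostname, authority.port or 80


if __name__ == "__main__":
    for sample in (EXPLICIT, TRANSPARENT, TUNNEL):
        print(classify_request(sample))
```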
There are a few differences between explicit and transparent client HTTP requests: