The Web Security appliance is typically installed as an additional layer in the network between clients
and the Internet. Depending on how you deploy the appliance, you may need a Layer 4 (L4) switch or a
WCCP router to direct client traffic to the appliance.

These deployment options are available on the Web Security appliance:

•

Secure web proxy. The appliance web proxy service monitors and scans web traffic for malicious
content. When you enable the web proxy, you can configure it to be in transparent or explicit forward
mode.

•

L4 Traffic Monitor. The L4 Traffic Monitor detects and blocks rogue traffic across all ports and IP
addresses. The L4 Traffic Monitor listens to network traffic that comes in over all ports and IP
addresses on the appliance and matches domain names and IP addresses against entries in its own
database tables to determine whether to allow outgoing traffic.

•

Cloud Web Security Connector. The Cloud Web Security Connector connects the Web Security
Appliance to Cisco Cloud Web Security, redirecting web traffic to the Cloud Web Security tower.
When deployed as a Cloud Web Security Connector, the standard web proxy services and L4 Traffic
Monitor services are not available. Information about deploying as a Cloud Web Security Connector
is in

Chapter 7, “Cloud Web Security Connector.”

When deployed in standard mode (not as a Cloud Web Security Connector), by default, both the L4
Traffic Monitor and Web Proxy are enabled in the System Setup Wizard. If you need to disable one or
both of these features, you can do so after initial setup from the web interface.