Cisco Cisco Web Security Appliance S170 사용자 가이드
28
I R O N P O R T A S Y N C O S 6 . 3 F O R W E B U S E R G U I D E
D E P L OY M E N T O V E R V I E W
The Web Security appliance is typically installed as an additional layer in the network
between clients and the Internet. Depending on how you deploy the appliance, you may or
may not need a Layer 4 (L4) switch or a WCCP router to direct client traffic to the appliance.
between clients and the Internet. Depending on how you deploy the appliance, you may or
may not need a Layer 4 (L4) switch or a WCCP router to direct client traffic to the appliance.
When you deploy the Web Security appliance, you can enable one or both of the following
features:
features:
• Secure web proxy. The appliance web proxy service monitors and scans web traffic for
malicious content. When you enable the web proxy, you can configure it to be in
transparent or explicit forward mode.
transparent or explicit forward mode.
• L4 Traffic Monitor. The L4 Traffic Monitor detects and blocks rogue traffic across all ports
and IP addresses. The L4 Traffic Monitor listens to network traffic that comes in over all
ports and IP addresses on the appliance and matches domain names and IP addresses
against entries in its own database tables to determine whether to allow outgoing traffic.
ports and IP addresses on the appliance and matches domain names and IP addresses
against entries in its own database tables to determine whether to allow outgoing traffic.
By default, both the L4 Traffic Monitor and Web Proxy are enabled in the System Setup
Wizard. If you need to disable both or one of these features, you can do so after initial setup
from the web interface.
Wizard. If you need to disable both or one of these features, you can do so after initial setup
from the web interface.
The features you enable determine how you deploy and physically connect the appliance to
the network. For more information about how the features you enable affect appliance
deployment, see “Preparing for Deployment” on page 28. For more information about the
Ethernet ports used to physically connect the appliance to the network, see “Appliance
Interfaces” on page 30.
the network. For more information about how the features you enable affect appliance
deployment, see “Preparing for Deployment” on page 28. For more information about the
Ethernet ports used to physically connect the appliance to the network, see “Appliance
Interfaces” on page 30.
Preparing for Deployment
Before installing the Web Security appliance, read through the following questions and use
the responses to each question to help you decide how to deploy the appliance and where to
locate it in your network. Each response includes a reference to a different section that covers
the response in more detail.
the responses to each question to help you decide how to deploy the appliance and where to
locate it in your network. Each response includes a reference to a different section that covers
the response in more detail.
1. Will you deploy the Web Security appliance as a transparent proxy or an explicit forward
proxy?
• Explicit Forward Proxy. Client applications, such as web browsers, are aware of the
Web Proxy and must be configured to point to a single Web Security appliance. This
deployment requires a connection to a standard network switch. When you deploy
the Web Proxy in explicit forward mode, you can place it anywhere in the network.
For more information, see “Deploying the Web Proxy in Explicit Forward Mode” on
page 33.
deployment requires a connection to a standard network switch. When you deploy
the Web Proxy in explicit forward mode, you can place it anywhere in the network.
For more information, see “Deploying the Web Proxy in Explicit Forward Mode” on
page 33.
• Transparent Proxy. Clients applications are unaware of the Web Proxy and do not
have to be configured to connect to the proxy. This deployment requires an L4 switch
or a WCCP v2 router. For more information, see “Deploying the Web Proxy in
Transparent Mode” on page 34.
or a WCCP v2 router. For more information, see “Deploying the Web Proxy in
Transparent Mode” on page 34.