Cisco Cisco Web Security Appliance S170 Guia Do Utilizador
6-4
Cisco IronPort AsyncOS 7.5.7 for Web User Guide
Chapter 6 Web Proxy Services
Configuring the Web Proxy
IP Spoofing
Choose whether or not the Web Proxy should spoof IP addresses when
sending requests to upstream proxies and servers.
sending requests to upstream proxies and servers.
When the Web Proxy is deployed in transparent mode, you can enable IP
spoofing for transparently redirected connections only or all connections
(transparently redirected and explicitly forwarded).
spoofing for transparently redirected connections only or all connections
(transparently redirected and explicitly forwarded).
When IP spoofing is enabled, requests originating from a client retain the
client’s source address and appear to originate from the client rather than
from the Web Security appliance.
client’s source address and appear to originate from the client rather than
from the Web Security appliance.
Note: When IP spoofing is enabled and the appliance is connected to a
WCCP router, configure a WCCP service to redirect the return path.
WCCP router, configure a WCCP service to redirect the return path.
Persistent Connection
Timeout
Timeout
Enter how long the Web Proxy keeps open a connection to a client or
server after a transaction has been completed. Keeping a connection open
allows the Web Proxy to use it again for another request.
server after a transaction has been completed. Keeping a connection open
allows the Web Proxy to use it again for another request.
For example, after a client finishes a transaction with google.com, the Web
Proxy keeps the connection to the server google.com open for the amount
of time specified in the server side persistent timeout if no other client
makes a request for google.com.
Proxy keeps the connection to the server google.com open for the amount
of time specified in the server side persistent timeout if no other client
makes a request for google.com.
•
Client side. The maximum number of seconds the Web Proxy keeps a
connection open with a client on the network with no activity from the
client.
connection open with a client on the network with no activity from the
client.
•
Server side. The maximum number of seconds the Web Proxy keeps
a connection open with a destination server with no activity from any
client on the network to that server.
a connection open with a destination server with no activity from any
client on the network to that server.
Default is 300 seconds for both client and server side persistent timeouts.
You might want to increase the server side persistent timeout if clients on
the network frequently connect to the same server, or if the network has a
relatively slow connection to outside servers.
the network frequently connect to the same server, or if the network has a
relatively slow connection to outside servers.
Cisco recommends keeping the default values. However, you might want
to increase or decrease these values to keep connections open longer to
reduce overhead used to open and close connections repeatedly. Consider
that if you increase the persistent timeout values, you also reduce the
ability of the Web Proxy to open new connections if the maximum number
of simultaneous persistent connections has been reached.
to increase or decrease these values to keep connections open longer to
reduce overhead used to open and close connections repeatedly. Consider
that if you increase the persistent timeout values, you also reduce the
ability of the Web Proxy to open new connections if the maximum number
of simultaneous persistent connections has been reached.
Table 6-1
Web Proxy Settings (continued)
Property
Description