Cisco Cisco Web Security Appliance S670 Guia Do Utilizador
2-9
AsyncOS 8.8 for Cisco Web Security Appliances User Guide
Chapter 2 Connect, Install, and Configure
System Setup Wizard
Network / Network Interfaces and Wiring
Network / Routes for Management and Data Traffic
Note
If you enable “Use M1 port for management only”, this section will have separate sections for
management and data traffic; otherwise one joint section will be shown.
management and data traffic; otherwise one joint section will be shown.
Property
Description
Management
The IP address, network mask, and hostname to use to manage the Web Security
appliance and, by default, for proxy (data) traffic.
appliance and, by default, for proxy (data) traffic.
Administrators can use the hostname specified here when connecting to the
appliance management interface (or in browser proxy settings if M1 is used for
proxy data), but you must register it in your organization’s DNS.
appliance management interface (or in browser proxy settings if M1 is used for
proxy data), but you must register it in your organization’s DNS.
(Optional) Check the Use M1 Port For Management Only checkbox if you want
to use a separate port for data traffic.
to use a separate port for data traffic.
Note
When you use M1 for management traffic only, configure at least one data
interface, on another subnet, for proxy traffic. You must also define
different routes for management and data traffic.
interface, on another subnet, for proxy traffic. You must also define
different routes for management and data traffic.
Data
The IP address, network mask, and hostname to use for data traffic on the P1 port.
This must use a different subnet to that used by the management port.
This must use a different subnet to that used by the management port.
Clients can use the hostname specified here (in browser proxy settings, for
example) but you must register it in your organization’s DNS.
example) but you must register it in your organization’s DNS.
If you configure the M1 interface for management traffic only, you must configure
the P1 interface for data traffic. However, you can configure the P1 interface even
when the M1 interface is used for both management and data traffic.
the P1 interface for data traffic. However, you can configure the P1 interface even
when the M1 interface is used for both management and data traffic.
You can enable and configure the P1 port only in the System Setup Wizard. If you
want to enable the P2 interface, you must do this after finishing the System Setup
Wizard.
want to enable the P2 interface, you must do this after finishing the System Setup
Wizard.
Layer-4 Traffic
Monitor
Monitor
The type of wired connections plugged into the “T” interfaces:
•
Duplex TAP. The T1 port receives both incoming and outgoing traffic.
•
Simplex TAP. The T1 port receives outgoing traffic (from the clients to the
Internet) and the T2 port receives incoming traffic (from the Internet to the
clients).
Internet) and the T2 port receives incoming traffic (from the Internet to the
clients).
Cisco recommends using Simplex when possible because it can increase
performance and security.
performance and security.
Table 2-3
Property
Description
Default Gateway
The default gateway IP address to use for the traffic through the Management and
Data interfaces.
Data interfaces.
Static Routes
Table
Table
Optional static routes for management and data traffic. Multiple routes can be
added. A route gateway must reside on the same subnet as the Management or
Data interface on which it is configured.
added. A route gateway must reside on the same subnet as the Management or
Data interface on which it is configured.