10-23-2012 10:20 PM - edited 03-07-2019 09:38 AM
Hi Everyone,
Need to know traffic flow in network environment where we have ironport device,ASA and Waas.
Ironport is used to block certain websites.
If user PC access a website how will traffic flow from user PC to the Outisde?
Need to know if ironport will check website first ? will it then it ASA or will it hit WAAS first?
Need to know the order in which traffic will hit network devices ironport ,ASA and WAAS
Thanks
Mahesh
Solved! Go to Solution.
10-27-2012 08:35 PM
You would need to either give us a diagram of your network or describe how the path from inside to outside works.
Generally, if PC1 goes to www.google.com, it will go to it's default gateway first, from there (in your scenario), it will most likely go to the ironport, and then I bet the ironport has a route to go to the ASA, and to Outside. I don't have any experience with Waas to be honest with you. Just so you know, the ASA can also do Web Filtering. Of course there is a cost involved depending on if you got the right module with it and licensing it may by cheaper jus to keep the ironport which I completely understand.
10-28-2012 01:19 AM
It's possible your ASA or your core switch (if Cisco) is configured with Cisco's WCCP. This enables transparent redirection of HTTP traffic to an IronPort appliance, so no client config needed:
http://www.cisco.com/en/US/docs/ios/12_0t/12_0t3/feature/guide/wccp.html
10-27-2012 08:35 PM
You would need to either give us a diagram of your network or describe how the path from inside to outside works.
Generally, if PC1 goes to www.google.com, it will go to it's default gateway first, from there (in your scenario), it will most likely go to the ironport, and then I bet the ironport has a route to go to the ASA, and to Outside. I don't have any experience with Waas to be honest with you. Just so you know, the ASA can also do Web Filtering. Of course there is a cost involved depending on if you got the right module with it and licensing it may by cheaper jus to keep the ironport which I completely understand.
10-28-2012 01:19 AM
It's possible your ASA or your core switch (if Cisco) is configured with Cisco's WCCP. This enables transparent redirection of HTTP traffic to an IronPort appliance, so no client config needed:
http://www.cisco.com/en/US/docs/ios/12_0t/12_0t3/feature/guide/wccp.html
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide