I have been deployment a demo installation of the Cisco Ironport WSA for a client. Actually, without the Ironport, each /24 segment navigate to the Internet with a differente IP address directly through a firewall. The client wants to have that distinction also using the Ironport, but the Ironport makes all the connections to Internet using its own IP address.
Is there a way I can create different IP addresses on the Ironport and use a different IP address for each different IP segment? That is the way I think we can still make that distinction.
Also, just to check, the Ironport always use its own IP address to make the connection, right? or there is a way it can be used "as a bridge", thanks a lot!!
By default, Ironport WSA will use its own IP address to connect to web servers. Under Security Services --> Web Proxy, we have option to enable "IP spoofing" which means that WSA will send out requests to web servers using clients IP addr as source addr.
In this case, please note that return traffic from web server to client will bypass WSA unless you have WCCP redirection configured to redirect this return traffic as well to WSA.
Inviting all Security & Networking professionals! We want you to tell us what devices you use to do your work and its screen resolution. Your response will help us improve network and security management tools.
Click here to take the 5-minute s...
This guide is intended to show some nifty and powerful use cases that a lot of customers either want or don’t know they want. There are tons of other content out there for specific knobs or capabilities, but this is looking to be a more complete...
Since ASDM 7.12(2) I am no longer able to run ASDM on CentOS 7 using javaws. It appears to launch and dies. However, I am now running ASDM directly in java and it works fine.First attempt "javaws https://<ip of firewall>/admin/public/asd...
User Experience Enhancements
Expansion of Activity Descriptions
Activity Descriptions provide more context and help with understanding and security implications of suspicious Activities. With this update, we are expanding the coverage to a vast majority o...