10-27-2022 06:16 AM
is there a method to bring 3 WSA into a cluster and do loadbalance.
The intention is 5000 to 700 number of user traffic should be equally taken by WSA 9load balance)
If a WSA fails, traffic shd be able to connect to secondary WSA.
10-27-2022 06:46 AM
10-29-2022 01:27 AM
Thank you @Ken Stieers
faiolver via WCCP has any delay?
10-29-2022 05:04 AM
10-28-2022 12:00 AM
Hi @manvik
as @Ken Stieers mentioned its all depends on your network design and how you forward web traffic to WSA
[1] WSA by design has Failover Capability and not the Load balancing feature (which is expected due to traffic forward method)
[2] If you are using GPO to assign Proxy settings to your Clients with .PAC or directly you can redirect some of your traffic to WSA1 and if failed use WSA2, and for the rest of your network redirect the traffic to WSA2 if failed WSA1, but please notice that if you are configuring two WSA's IP / URL in your .PAC file and the 1st failed, your browser still try to connect the 1st Proxy, if no response will try the 2nd one, so you will face some delay there
Failover using the PAC file - Cisco Community
[3] in transparent deployment, you can use weighted configuration and distribute the traffic between your WSAs
[4] lastly is, if you have load balancer, that will do the job for you
Regards,
Amirhossein Mojarrad
+++++++++++++++++++++++++++++++++++++++++++++++++++
++++ If you find this answer helpful, please rate it as such ++++
+++++++++++++++++++++++++++++++++++++++++++++++++++
10-29-2022 01:20 AM
Thank you @amojarra
1. Got the point
2. Got the point
3. Any documentation for setting up weighted configuration?
Transparent uses WCCP? if WCCP only HTTPS & socks should reach WSA ?
As I know WSA does not process non standard ports than above
4. Got the point
11-18-2022 01:57 AM
Sorry @manvik
I don't know how I missed your reply
[1] Any documentation for setting up weighted configuration?
there are some guides in the User-guide : User Guide for AsyncOS 11.0 for Cisco Web Security Appliances - Connect, Install, and Configure [Cisco Secure Web Appliance] - Cisco
depends on which device you are using to do the WCCP redirection, you need to check the user guide for that device, such as ASA or ...
[2] Transparent uses WCCP?
Yes
[3] if WCCP only HTTPS & socks should reach WSA ?
WSA supports SOCKs proxy as well, and also supports WCCP version 2 which you can redirect TCP/UDT any port number to WSA
[4] As I know WSA does not process non standard ports than above
yes you can enable SOCKS proxy from GUI > Security Services > Security Services
again sorry for late reply
Regards,
Amirhossein Mojarrad
+++++++++++++++++++++++++++++++++++++++++++++++++++
++++ If you find this answer helpful, please rate it as such ++++
+++++++++++++++++++++++++++++++++++++++++++++++++++
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide