cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1972
Views
5
Helpful
1
Replies

Design guides for Ironport Web Security

Ruterford
Level 1
Level 1

Hi All,

I am looking for a proxy solution for our enterprise network, and considering Ironport WebSecurity S370 appliance.

I am just curious if there is any good design guides on how to properly implement Ironport on the network.

I need best practices documents, i.e.  can I place two units with one virtual IP address and so on.

Thanks!

1 Reply 1

WSA's don't cluster, with a shared virtual IP, how you handle mulitple WSA boxes is a function of how you're redirecting traffic to them.

     WCCP - you just add them as multiple WCCP destinations

     PAC file - you add seperate entries and the browser/app figures out which one is available.

     Policy Based Routing (eg. no Cisco router) - I'm not sure, as I've never done it.

You might be able to use a load balancer, but my feeling is that gets too complicated.

I used this to set up one box using WCCP

http://www.cisco.com/en/US/docs/solutions/Enterprise/Borderless_Networks/Smart_Business_Architecture/H1CY11/SBA_Mid_BN_WebSecurityDeploymentGuide-H1CY11.pdf

There's a caveat when you use WCCP for 2 boxes, you need to tweak the ACL so that you don't get loops:

http://ironport.custhelp.com/cgi-bin/ironport.cfg/php/enduser/std_adp.php?p_faqid=1603&p_created=1278697344&p_sid=zzjbITyk&p_accessibility=0&p_redirect=0&p_srch=1&p_lva=772&p_sp=cF9zcmNoPTEmcF9zb3J0X2J5PSZwX2dyaWRzb3J0PSZwX3Jvd19jbnQ9MzA4LDMwOCZwX3By...