Ironport Initial Setup

Justice Nsude
Level 1

Hi all,

I just set up an Ironport S160 appliance on my network. The appliance shows to be up but it does not seem to be capturing users' activities. The following are the configuration details:

Mode: Transparent

data interface: P1 only

mngt int: management only

filter mode:monitor only

Layer 4 switch mode enabled

WCCP:disabled

Licenses: up and valid.

Reporting: Enabled

I noticed that web categories that are enabled by default are up.

No reports are being generated at the moment. What do I have to configure on the core switch to redirect all traffic to the Ironport appliance? According to the S160 documentation, once Layer4 is chosen over WCCP nothing more is required, which doesn't make much sense to me.

Attached is a schema showing my network diagram.

Any help will be appreciated.

regards,

Justice

1 Reply

Chetankumar Phulpagare
Cisco Employee

Hi Justice,

L4TM is not used for redirecting traffic for the purpose of web traffic inspection to Web Proxy on WSA. You will need to set up WCCP either on your 6505 or the ASA so that any outgoing traffic with dstn TCP port 80.

You can check details here:

http://www.cisco.com/en/US/docs/solutions/SBA/August2012/Cisco_SBA_BN_WebSecurityUsingWSADeploymentGuide-Aug2012.pdf

and here:

http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps708/white_paper_c11-629052.html

Please note that WSA supports explicit proxy even when configured in transparent mode. To ensure that your web proxy service is applying policies correctly, you can point your browser on a test client to explicitly use the WSA IP addr as a proxy. Then you can test the same with your traffic being redirected over WCCP. Also, please check the access logs on WSA to make sure if any traffic was seen on WSA.

Regards,

Chetan
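
The access-log check suggested in the reply above can be scripted. This is an added example, not part of the original thread or any Cisco tooling: it reads an exported access log and reports which clients the proxy saw and what result codes the test client received. The Squid-style field order (timestamp, elapsed, client IP, result/status, bytes, method, URL), the sample lines and all IP addresses are assumptions constructed for illustration.

```python
from collections import Counter

# Constructed sample lines; the Squid-style field layout is an assumption.
SAMPLE_LOG = """\
1354000001.101 120 10.10.1.50 TCP_MISS/200 5120 GET http://example.com/ - DIRECT/example.com text/html DEFAULT_CASE-policy <-> -
1354000002.250 15 10.10.1.50 TCP_DENIED/403 0 GET http://blocked.example/ - NONE/- - BLOCK_WEBCAT-policy <-> -
1354000003.900 80 10.10.1.77 TCP_MISS/200 900 GET http://example.org/a.css - DIRECT/example.org text/css DEFAULT_CASE-policy <-> -
truncated line
"""


def parse_line(line):
    """Return (client_ip, result_code, http_status, url), or None if unparseable."""
    fields = line.split()
    if len(fields) < 7 or "/" not in fields[3]:
        return None
    try:
        float(fields[0])  # first field must be an epoch timestamp
    except ValueError:
        return None
    result, _, status = fields[3].partition("/")
    return fields[2], result, status, fields[6]


def traffic_seen(log_text, test_client):
    """Summarise which clients appear in the log and what the test client got back."""
    clients, test_results, skipped = Counter(), Counter(), 0
    for line in log_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue  # blank lines and header comments carry no request
        rec = parse_line(line)
        if rec is None:
            skipped += 1  # count damaged lines instead of silently dropping them
            continue
        ip, result, status, _ = rec
        clients[ip] += 1
        if ip == test_client:
            test_results[f"{result}/{status}"] += 1
    return {"clients": dict(clients), "test_client": dict(test_results), "skipped": skipped}


if __name__ == "__main__":
    summary = traffic_seen(SAMPLE_LOG, "10.10.1.50")
    if not summary["test_client"]:
        print("No requests from the test client reached the proxy")
    print(summary)
```

An empty `test_client` result after the explicit-proxy test means the request never reached the proxy; an empty result only after switching to redirected traffic points at the redirection rather than at the proxy policies.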