Ironport Initial Setup

Justice Nsude · ‎11-22-2012

Hi all,

I just setup an ironport S160 appliance on my network. The applaince shows to be up but it does not seem to be capturing users activities. the following are the configuration details:

Mode: Transparent

data interface: P1 only

mngt int: management only

filter mode:monitor only

Layer 4 switch mode enabled

WCCP:disabled

Licenses: up and valid.

Reporting: Enabled

I noticed that web categories that are enabled by default are up.

No reports are being generated at the moment. What do i have to configure on the core switch to redirect all traffic to the Ironport appliance? according to the S160 documentation, once Layer4 is chosen over WCCP nothing more is required which doesnt make much sense to me.

Attached is a schema showing my network diagram.

Any help will be appreciated.

regards,

Justice

Chetankumar Phulpagare · ‎11-26-2012

Hi Justice,

L4TM is not used for redirecting traffic for the purpose of web traffic inspection to Web Proxy on WSA. You will need to setup WCCP either on your 6505 or the ASA so that any outgoing traffic with dstn TCP port 80.

You can check details here:

http://www.cisco.com/en/US/docs/solutions/SBA/August2012/Cisco_SBA_BN_WebSecurityUsingWSADeploymentGuide-Aug2012.pdf

and here:

http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps708/white_paper_c11-629052.html

Please note that WSA supports explicit proxy even when configured in transparent mode. To ensure that your web proxy service is applying policies correctly, you can point your browser on test client to explicitely use WSA IP addr as a proxy. Then you can test the same with your traffic being redirected over WCCP. Also, please check the access logs on WSA to make sure if any traffic was seen on WSA.

Regards,

Chetan