11-22-2012 11:41 PM
Hi all,
I just setup an ironport S160 appliance on my network. The applaince shows to be up but it does not seem to be capturing users activities. the following are the configuration details:
Mode: Transparent
data interface: P1 only
mngt int: management only
filter mode:monitor only
Layer 4 switch mode enabled
WCCP:disabled
Licenses: up and valid.
Reporting: Enabled
I noticed that web categories that are enabled by default are up.
No reports are being generated at the moment. What do i have to configure on the core switch to redirect all traffic to the Ironport appliance? according to the S160 documentation, once Layer4 is chosen over WCCP nothing more is required which doesnt make much sense to me.
Attached is a schema showing my network diagram.
Any help will be appreciated.
regards,
Justice
11-26-2012 05:02 PM
Hi Justice,
L4TM is not used for redirecting traffic for the purpose of web traffic inspection to Web Proxy on WSA. You will need to setup WCCP either on your 6505 or the ASA so that any outgoing traffic with dstn TCP port 80.
You can check details here:
and here:
http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps708/white_paper_c11-629052.html
Please note that WSA supports explicit proxy even when configured in transparent mode. To ensure that your web proxy service is applying policies correctly, you can point your browser on test client to explicitely use WSA IP addr as a proxy. Then you can test the same with your traffic being redirected over WCCP. Also, please check the access logs on WSA to make sure if any traffic was seen on WSA.
Regards,
Chetan
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide