The Cisco Ironport WSA's specifically use Regular Expressions Flex.
First off, the WSA will only manipulate HTTP. So if the sites in question are indeed in HTTPS, you will need to make sure it gets Decrypted in a Decryption Policy. This can get tricky depending on how you are deployed. I will assume WCCP since that seems to be the most common to me. In a Transparent deployment, the WSA will not know the URL that the client is trying access until it is decrypted. To force a decryption for that specific site(s), you will need to get the Common Name of the SSL Server Certificate. There are many ways to get it, but if you have access to OpenSSL, you can use the following command:
This will complete the SSL handshake and you should see the CN some where in the text message. In your example above, I want to guess that the CN could be *.learning.com. You will need to place learning.com, and .learning.com into a Custom URL Category, and force the traffic to be Decrypted.
How many sites are we referring to? You won't be able to make a RegEx that will catch server32.learning.com/12345, and have the WSA automatically detect 12345, and redirect it to teaching.com/12345. Each one will need to have its own regular expression. So in your example above, this is what I'd do:
In the Access Policies, have the RegEx server32.learning.com/298555, and Redirect it to server32.teaching.com/298555. Depending on how many you need to do, you're going to need 1 single URL category for each. Excessive URL categories are known to cause performance problems.
Are you trying to have 1 single RegEx do the job? If so, the destination (redirected) URL will not have any correlation with the URL being accessed. The WSA does not have the ability to pull information out of the original URL, and append it to a destined redirection. Was this what you are trying to do?
This issue can get quite sticky. I'd recommend you open a TAC case and speak to an engineer regarding your intentions.
GeneralWhich Cisco Secure products include access to SecureX?What are the SecureX data retention/privacy policies?What is SSE?How can I unlink my smart account from SSE and link it to a new account?Do I have to use the same SSE region as the SecureX regio...
More people are working remotely, and this increases the risk of security breaches and the difficulty in defending remote workers where they work and securing the devices they use.
Learn about Cisco Remote Secure Worker solutions that verify workers, secu...
GeneralWhich Cisco Secure products include access to SecureX?What are the SecureX data retention/privacy policies?What is SSE?How can I unlink my smart account from SSE and link it to a new account?Do I have to use the same SSE region as the Secur...
On December 8, FireEye reported that it had been compromised in a sophisticated supply chain attack: more specifically through the SolarWinds Orion IT monitoring and management software. The attackers leveraged business software updates in order to distr...