02-27-2014 02:41 AM
Dear
I need to purchase two Iron port box one for ADSL line and second for Leased Line
My aim Is when user open busineed site is go through Leased line and when open Un Business Site is go to ADSL
I need soultion to achive this ?
and i can predfine the Business and un business Site ?
02-27-2014 05:48 AM
Hello,
Unfortunately the WSA cannot control which requests get sent to it, it simply listens for traffic coming to its interface on specific ports (80, 3128, 21, 443). When it comes to specific URLs being routed to one WSA or another it will require that you have a device that can inspect the traffic at Layer 4 (HTTP/HTTPS/FTP) and make a routing decision based on the URI in the HTTP header.
You could add a 3rd WSA to route the traffic using an upstream proxy configuration. You would use proxy groups and routing policies to match Custom URL categories or predefined URL categories to send to one of the two upstream proxies.
Other than adding an additional device to route the traffic, you could look into Policy based routing or using multiple WCCP services (one for each WSA) and creating an ACL to match the business sites IP addresses vs the non-business sites. This could become an issue as most websites use dynamic IP schemes.
Hope this helps.
Best Regards,
Michael Hautekeete
Customer Support Engineer
Cisco Content Security - Web Security Appliance
http://www.cisco.com/en/US/products/ps11169/serv_group_home.html
https://supportforums.cisco.com/community/netpro/security/web
https://supportforums.cisco.com/community/feeds?community=2091
02-27-2014 05:51 AM
One other method i wanted to mention was the use of a PAC or WPAD file. These types of files would allow you to configure statements to match domains and send to a specific WSA. The WSA also has the ability to host these files if you do not have better method of hosting them (i.e. DNS).
Best Regards,
Michael Hautekeete
Customer Support Engineer
Cisco Content Security - Web Security Appliance
http://www.cisco.com/en/US/products/ps11169/serv_group_home.html
https://supportforums.cisco.com/community/netpro/security/web
https://supportforums.cisco.com/community/feeds?community=2091
02-27-2014 06:36 AM
Dear
you mean i 1st point that can i purchase 3 WSA and Make one as Priamry and the 2econd and 3rd as upstream Proxy
and I can Route based in URL catagroy as exmaple the Busines Catagory routed through 2econd WSA and the non business Catagory Routed via 3rd WSA and in this case the User will take the Primary Proxy in Internet browser seeting ?
02-27-2014 06:39 AM
Yes, you could either use an explicit setting (browser config/PAC/WPAD) or transparent (WCCP/PBR) to point to the first proxy and then the first proxy will route based on category to one of the two upstream proxies based on your policy configuration.
Best Regards,
Michael Hautekeete
Customer Support Engineer
Cisco Content Security - Web Security Appliance
http://www.cisco.com/en/US/products/ps11169/serv_group_home.html
https://supportforums.cisco.com/community/netpro/security/web
https://supportforums.cisco.com/community/feeds?community=2091
02-27-2014 06:43 AM
in this Configuration can I achieve the Failover Or loadbalancer ?
02-27-2014 06:50 AM
Depending on what DR requirements you have, for load balancing/failover you would probably need 6 appliances total. 2 for the main proxy to either loadbalance with WCCP/physical load balancer or to have a backup in case of failover, and then the possibility of needing a backup for each of the upstream proxies.
The WSA's are in active/active mode and will require the failover be setup in whatever mechanism you are using to direct traffic to them (PAC/WPAD, load balancer, firewall, router, etc...)
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide