Transparent Deployment Using Layer 4 Switch

richard.bumanlag · ‎01-29-2012

Hi,

Just want to ask how to deploy WSA Ironport on transparent mode on layer 4 Switch.

I believe it is just deployed by choosing Layer 4 on Transparent Redirection on WSA Ironport.

But the question is, what will I need to configure to my Layer 4 switch for it to redirect traffic to WSA?

I'm trying to connect it to a hp procurve layer 4 switch to use transparent redirection.

Can someone clarify how to deploy it?

Thanks

Ken Stieers · ‎01-29-2012

Make sure your swtich can do it:

http://h30499.www3.hp.com/t5/Switches-Hubs-Modems-Legacy-ITRC/HP-Procurve-2626-Policy-based-routing/td-p/5421071

I did some digging and didn't find any decent docs on setting it up... but if you take your drawing from the L4TM question you posted, you want to set up a policy that for the "security vlan" so that all IP traffic on the web ports you want to monitor (80, 443, plus others you might want) gets sent to the IP of the WSAProxy

Here's a bit I lifted from a post on HP's site:

http://bizsupport2.austin.hp.com/bc/docs/support/SupportManual/c03015541/c03015541.pdf

You'll want to have a look through Chapter 8 for the configuration. You've got to basically configure a traffic class, configure policies for it, and then apply it (in this case) to each of the VLANs you want it for.

What kind of firewall are you using? If its a Cisco ASA, it would actually be simpler to do WCCP to the WSA...

richard.bumanlag · ‎01-29-2012

Thanks for the Reply,

The firewall that I'm using does not support WCCP.

That is why I'm considering the Layer 4 Redirection.

Thanks