01-29-2017 05:52 AM
Hi
I have two Cisco WSA 390 boxes and I have the below types of users
1. Domain users which I am planning to integrate with WSA and apply the policies from WSA for Internet Access.
2. Wireless Guest which are authenticated by WLC and access the internet and these users are not part of any domain.
3. Tenant users which are located in my remote branches and are part of different domain which I have no control but these users come to my network for internet access.
For #1 I can simply use explicit proxy and I can push the proxy setting from AD group policy and users will use WSA as a proxy.
For #2 and #3 I am planning to use the PBR in my cisco Core switch. Since internet traffic from both 2 and 3 are passing through the core , can I use a PBR and direct all traffic to WSA IP? Will that work for me as I don't have the option of pushing the proxy IP in these clients.
Please advice
Thanks
Solved! Go to Solution.
02-07-2017 01:01 AM
Hi Bilal,
If you want to configure Explicit Proxy in your network, you can check the WPAD configuration.
The Web Proxy Auto-Discovery (WPAD) protocol is a method used by Web browsers to locate a Proxy Auto-Config (PAC) file automatically.
WPAD can use DNS or DHCP to locate a PAC file.
A DHCP server must be configured to serve an additional setting in an IP address assignment; option 252. This option specifies the exact location of the PAC file.
The file name does not need to follow any specific naming convention, however if WPAD DNS is to be used also, the file must have the file name wpad.dat.
For more information, you can refer to: http://www.cisco.com/c/en/us/td/docs/security/web_security/connector/connector3000/WPADAP.html
Thanks & Regards,
Kushagra Srivastava
02-01-2017 11:58 AM
You can also use WCCP. WCCP enables supported Cisco routers and switches to transparently redirect content requests. With transparent redirection, users do not have to configure their browsers to use a web proxy. Instead, they can use the target URL to request content, and their requests are automatically redirected to an application engine. For more information please see the below link
02-01-2017 09:48 PM
Hi Ravi
Thanks for the answer. I would have been using WCCP but the customer is not ready for using it. I have to use the explicit proxy mode. Can I configure it the way I have mentioned in my first topic?
Please advice
Thanks
02-02-2017 07:35 AM
Bilal What I think You can configure PBR on core switch and host the PAC file on WSA to push the proxy setting for #2 and #3. Hope this work for you
07-28-2017 06:15 PM
Check the link below
http://www.cisco.com/c/en/us/td/docs/security/web_security/connector/connector3000/WPADAP.html
Moreover Web Proxy Auto-Discovery (WPAD) protocol is a method used by Web browsers to locate a Proxy Auto-Config (PAC) file automatically.
WPAD can use DNS or DHCP to locate a PAC file.
A DHCP server must be configured to serve an additional setting in an IP address assignment; option 252. This option specifies the exact location of the PAC file.
The file name does not need to follow any specific naming convention, however if WPAD DNS is to be used also, the file must have the file name wpad.dat.
02-07-2017 01:01 AM
Hi Bilal,
If you want to configure Explicit Proxy in your network, you can check the WPAD configuration.
The Web Proxy Auto-Discovery (WPAD) protocol is a method used by Web browsers to locate a Proxy Auto-Config (PAC) file automatically.
WPAD can use DNS or DHCP to locate a PAC file.
A DHCP server must be configured to serve an additional setting in an IP address assignment; option 252. This option specifies the exact location of the PAC file.
The file name does not need to follow any specific naming convention, however if WPAD DNS is to be used also, the file must have the file name wpad.dat.
For more information, you can refer to: http://www.cisco.com/c/en/us/td/docs/security/web_security/connector/connector3000/WPADAP.html
Thanks & Regards,
Kushagra Srivastava
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide