Web Security Appliance (WSA)
Posted 2013-08-13 (modified 2013-09-08), http://theipzone.com/blog/2013/08/13/web-security-appliance-wsa/

The WSA's main features are the L4 Traffic Monitor and the Web Proxy. Other features are:
– URL filtering
– Web usage controls
– Application visibility & control
– Anti-malware scanning (Sophos, McAfee, Webroot)

The secure web proxy monitors and scans web traffic for malicious content. When you enable the web proxy, you can configure it to be in transparent or explicit forward mode.

The L4 Traffic Monitor detects and blocks rogue traffic across all ports and IP addresses. The L4 Traffic Monitor listens to network traffic that comes in over all ports and IP addresses on the appliance and matches domain names and IP addresses against entries in its own database tables to determine whether to allow outgoing traffic. L4 Traffic Monitor deployment is independent of the Web Proxy deployment. You can connect the L4 Traffic Monitor to a network tap or the mirror/span port of a switch.


Deployment

The features you enable determine how you deploy and physically connect the appliance to the network. The two main deployment methods are explicit forward proxy and transparent proxy.

Explicit Forward Proxy: Client applications, such as web browsers, are aware of the Web Proxy and must be configured to point to a single Web Security appliance. This deployment requires a connection to a standard network switch. When you deploy the Web Proxy in explicit forward mode, you can place it anywhere in the network. IP spoofing is disabled by default.

IP spoofing ON – the IP address of the original source is maintained. OFF – the source IP address is changed to the WSA IP address.

Automatic: Configure each client application to use a PAC file to detect the appliance Web Proxy automatically. Then you can edit the PAC file to specify the appliance Web Proxy information. PAC files work with web browsers only.
Manual: Configure each client application to point to the appliance Web Proxy by specifying the appliance hostname or IP address and the port number, such as 3128, used for listening to data traffic.

Transparent Proxy: Client applications are unaware of the Web Proxy and do not have to be configured to connect to the proxy. This deployment requires a Layer 4 switch or a WCCP v2 router. When you specify a WCCP router, you need to configure additional settings on the appliance. When you specify a Layer 4 switch, you only need to specify that the appliance is connected to a Layer 4 switch when you configure the appliance.

Note: When the Web Proxy is configured in transparent mode, you must enable the HTTPS Proxy if the appliance receives HTTPS traffic. When the HTTPS Proxy is disabled, the Web Proxy passes through explicit HTTPS connections and drops transparently redirected HTTPS requests.

Device Interface:

Management – M1 and M2: Use for management of the WSA. Can also be used for data traffic in deployments where there is no separate management network.
Data – P1 and P2: Use the Data interfaces for Web Proxy data traffic. Only P1 is enabled by default. If P2 is enabled, the two interfaces should be connected to different subnets.
L4 Traffic Monitor – T1 and T2: Use for tap and span. Can be used in simplex (only T1, for incoming and outgoing traffic) or duplex (T1 and T2 connected; T1 for outgoing and T2 for incoming) communication.

[Figure: Web Security Appliance Ethernet Ports]

WSA Initial Configs

Initial interface configuration can be done via the CLI or by browsing to the default IP address and configuring from the browser (wizard or manual). Default settings are:

– Default username/password: admin/ironport
– Default IP address/mask: 192.168.42.42/24
– No default gateway is set
– Default ports: 8080 and 8443 for HTTP and HTTPS

Implementing WCCP

To set up the WSA to use WCCP, you need to create at least one WCCP service on the appliance and configure the router to work with the Web Security appliance.

A WCCP service is an appliance configuration that defines a service group to a WCCP v2 router. It includes information such as the service ID and the ports used. Service groups allow a web proxy to establish connectivity with a WCCP router and to handle redirected traffic from the router.

Example WCCP Service

    ip wccp version 2
    ip wccp service_group
    interface interface_type_number
    ip wccp service_group redirect direction
    ip wccp service_group password password

ip wccp service_group redirect direction
– Use "in" when you want the router to redirect packets as they enter the router
– Use "out" when you want the router to redirect packets right before they leave the router
– ASA supports only redirect in

ip wccp service_group
– Web-cache. Enter "web-cache" when the appliance WCCP service uses the standard service.
– Service ID number. Enter a number from 0 to 255 when the appliance WCCP service uses a dynamic service ID. The number should match the service ID number used in the appliance.

Example WCCP Service: Standard Service, No Password Required

    ip wccp version 2
    ip wccp web-cache [redirect-list acl]
    interface GigabitEthernet1/0/14
    ip wccp web-cache redirect in

Example WCCP Service: Dynamic Service for IP Spoofing, Password Required

    ip wccp version 2
    ip wccp 90
    interface GigabitEthernet1/0/14
    ip wccp 90 redirect in
    ip wccp 90 password Cisco123

    show wccp
    show wccp 90 service
    show wccp 91 detail

There are two WCCP redirection methods:
– Layer 2: the WSA and the router are on the same Layer 2 network.
– GRE

Note: ASA only supports GRE.

Implementing L4 Traffic Monitor

Configure a SPAN session for the VLAN where traffic will be monitored.

WSA
packetcapture – look at packets destined to any interface of the WSA.

Switch

    monitor session 1 source int g1/0/1
    monitor session 1 destination interface g1/0/20
    show monitor

Miscellaneous commands:

showconfig – show running config
resetconfig – reset to factory defaults
interfaceconfig – configure WSA interface
setgateway – configure WSA default gateway

ping, nslookup, grep, authcache

Source:
http://www.cisco.com/en/US/docs/security/wsa/wsa7.7.5/user_guide/WSA_7.7.5_UserGuide.book.pdf
IP Expert VOD, INE Security Boot Camp
