07 July 2016

Ironport WSA Overview

Get advanced threat defense, advanced malware protection, application visibility and control, insightful reporting, and secure mobility. The Cisco Web Security Appliance (WSA) combines all of these forms of protection and more in a single solution. The WSA also helps to secure and control web traffic, while simplifying deployment and reducing costs.

The Cisco Web Security Appliance intercepts and monitors internet traffic and applies policies to help keep your internal network secure from malware, sensitive data loss, productivity loss, and other internet-based threats.

The Cisco SensorBase Network

The Cisco SensorBase Network is a threat management database that tracks millions of domains around the world and maintains a global watch list for Internet traffic. SensorBase provides Cisco with an assessment of reliability for known Internet domains. The Web Security appliance uses the SensorBase data feeds to improve the accuracy of Web Reputation Scores.

Web Proxy IP Spoofing

When the web proxy forwards a request, it changes the request source IP address to match its own address by default. This increases security, but you can change this behavior by implementing IP spoofing, so that requests retain their source address and appear to originate from the source client rather than from the Web Security appliance. IP spoofing works for transparent and explicitly forwarded traffic. When the Web Proxy is deployed in transparent mode, you have the choice to enable IP spoofing for transparently redirected connections only or for all connections (transparently redirected and explicitly forwarded). If explicitly forwarded connections use IP spoofing, you should ensure that you have appropriate network devices to route return packets back to the Web Security appliance. When IP spoofing is enabled and the appliance is connected to a WCCP router, you must configure two WCCP services: one based on source ports and one based on destination ports.


No comments: