Cisco Web Security Appliance introduction

In this and upcoming posts we’ll discuss the Cisco Web Security Appliance. This is the blog agenda for the upcoming weeks:

Part 1: Introduction
Part 2: Installing
Part 3: Deploying Proxy Services
Part 4: Policies
Part 5: Acceptable use & HTTPS Inspection
Part 6: Authentication
Part 7: Defending malware

This post introduces the product.

The Cisco Web Security Appliance (WSA) is an appliance for securing HTTP, HTTPS and FTP traffic from (and to) the internet.

The WSA replaces all, or most of these devices in your network:

Firewall
Web proxy
Anti-spyware
Antivirus
URL Filtering
Policy management

As you can see, it’s more than just a regular proxy server.

The internet contains a lot of websites, both good and bad, and for many companies a large share of them are not work related. If you want to limit or block those websites for users, the WSA is the product for you. Limits can be time based, bandwidth based, user based or category based (79 categories). Road warriors (remote users) can be protected too, by AnyConnect security or Cloud Web Security, also known as ScanSafe.

The Cloud Web Security is not discussed in these blogs.

Cisco checks every (new) website on the internet and categorizes it. More than 10,000 new URLs are added per week. This category information is pushed to the WSA so it's always up to date.

At this moment, there are a couple of WSA appliances:

[Figure: WSA models]

For scaling, you can use these guidelines:
– the S710 for 1500 users
– the S370 and S380 for 1500 – 6000 users
– the S670 and S680 for 6000 – 12000 users

The virtual WSA is available in three models.

S000V: 250 GB disk, 50 GB cache, 1 CPU core, 4 GB RAM
S100V: 250 GB disk, 50 GB cache, 2 CPU cores, 6 GB RAM
S300V: 1024 GB disk, 200 GB cache, 4 CPU cores, 8 GB RAM

To manage multiple WSAs (or ESAs) in one interface, including reporting and logging, you can use the SMA appliances:

[Figure: SMA models]

Scaling these SMAs is a bit harder. It all depends on the amount of reporting and logging you require.

How to redirect traffic to the WSA?

There are a few options for redirecting traffic to the WSA:
– WCCP
– Policy-based routing
– Proxy settings in the users' browsers

But more on that in a later post.