Decide how you are going to configure the Cisco Web Security Appliance within your network.

The Cisco Web Security Appliance is typically installed as an additional layer in the network between clients and the Internet. Depending on how you deploy the appliance, you may or may not need a Layer 4 (L4) switch or a WCCP router to direct client traffic to the appliance.

Deployment options include:

• Transparent Proxy—Web proxy with an L4 switch

• Transparent Proxy—Web proxy with a WCCP router

• Explicit Forward Proxy—Connection to a network switch

• L4 Traffic Monitor—Ethernet tap (simplex or duplex)

  • Simplex Mode: Port T1 receives all outgoing traffic, and port T2 receives all incoming traffic.

  • Duplex Mode: Port T1 receives all incoming and outgoing traffic.

Note	See “Connect to the Appliance” for more information about individual ports on the appliance.

Note	To monitor true client IP addresses, the L4 traffic monitor should always be configured inside the firewall and before NAT (Network Address Translation).

If your installation includes multiple Cisco Web Security Appliances (S-Series) or Cisco Email Security Appliances (C-Series), you may want to also use a Cisco Content Security Management Appliance (M-Series) to manage them, as show in the following network diagram:

To remotely configure the appliance using the network connection, you must temporarily change the IP address of your computer.

Note	Make a note of your current IP configuration settings as you will need to revert to these settings after you finish the configuration.

Alternatively, you can use the serial console to configure the appliance, without changing the IP address. If you use the serial console, see Connect to the Appliance.