background image

11

Connect to the Appliance

Plug the Ethernet cables into the appropriate ports on the back panel of the 
Cisco S190 appliance.

  •

The proxy ports are labeled P1 and P2.

  –

P1 only enabled: When only P1 is enabled, connect it to the network for 
both incoming and outgoing traffic.

  –

P1 and P2 enabled: When both P1 and P2 are enabled, you must connect 
P1 to the internal network and P2 to the Internet.

  •

The traffic monitor ports are labeled T1 and T2.

  –

Simplex tap: Ports T1 and T2; one cable for all packets destined for the 
Internet (T1) and one cable for all packets coming from the Internet 
(T2).

  –

Duplex tap: Port T1; one cable for all incoming and outgoing traffic.

Item

Port

Description

1

Proxy port 1 Connect proxy port P1 to the 

network for both incoming and 
outgoing traffic.

2

Proxy port 2 When both proxy ports P1 and P2 

are enabled, you must connect P1 to 
the internal network and P2 to the 
Internet. P1 and P2 can connect to L4 
switch, WCCP router, or network 
switch.

3

Traffic 
Monitor 
port 1

Traffic monitor port T1 for Duplex 
Ethernet tap: One cable for all 
incoming and outgoing traffic.

Summary of Contents for S190

Page 1: ...gs Plan the Installation Install the Appliance in a Rack Plug In the Appliance Temporarily Change Your IP Address for Remote Access Connect to the Appliance Power Up the Appliance Log In to the Appliance Run the System Setup Wizard Check for Available Upgrades Configure Network Settings Configuration Summary Additional Configuration ...

Page 2: ...e You Begin Before you begin the installation make sure that you have the items needed The following items are included with the Cisco S190 Web Security Appliance Rails and adaptor kit Power cable Ethernet cable for connecting the appliance to your network Regulatory Safety and Compliance Information You will need to provide the following items yourself Rack cabinet enclosure if rack mounting the ...

Page 3: ...uter Explicit Forward Proxy L4 Traffic Monitor Simplex tap Span port Duplex tap Span port Network Context Is there another proxy on the network Yes Other Proxy IP Address Other Proxy Port Network Settings Default System Hostname DNS Servers Use the Internet root DNS servers Use the following DNS servers maximum 3 1 2 3 Network Time Protocol NTP Server Time Zone Region Time Zone Country Time Zone G...

Page 4: ...t interface If configured separately the Data interface IP address and the management interface IP address cannot share the same subnet Routes Internal Routes for Management Default Gateway Static Route Name Static Route Destination Network Static Route Gateway Internal Routes for Data Default Gateway Static Route Name Static Route Destination Network Static Route Gateway ...

Page 5: ...rity Password _________________ Note When you connect the appliance to a WCCP router you might need to configure the Web Security appliance to create WCCP services after you run the System Setup Wizard Administrative Settings Administrator Password Email System Alerts To SMTP Relay Host Optional AutoSupport Enable SenderBase Network Participation Enable Limited Standard ...

Page 6: ... L4 switch Transparent Proxy Web proxy with a WCCP router Explicit Forward Proxy Connection to a network switch L4 Traffic Monitor Ethernet tap simplex or duplex Simplex Mode Port T1 receives all outgoing traffic and port T2 receives all incoming traffic Duplex Mode Port T1 receives all incoming and outgoing traffic Security Services L4 Traffic Monitor Monitor only Block Acceptable Use Controls En...

Page 7: ...rewall and before NAT Network Address Translation If your installation includes multiple Cisco Web Security Appliances S Series or Cisco Email Security Appliances C Series you may want to also use a Cisco Content Security Management Appliance M Series to manage them as shown in the following network diagram ...

Page 8: ...ries Content Security Appliances Installation and Maintenance Guide Appliance Placement in a Rack Ambient Temperature To prevent the appliance from overheating do not operate it in an area that exceeds an ambient temperature of 104 F 40 C Air Flow Be sure that there is adequate air flow around the appliance Mechanical Loading Be sure that the appliance is level and stable to avoid any hazardous co...

Page 9: ...he serial console proceed to section 8 below Note Make a note of your current IP configuration settings because you will need to revert to these settings after you finish the configuration For Windows Step 1 Connect your laptop to the primary Management Port labeled M1 using the cross over or Ethernet cable included in the system box The Cisco S190 appliance uses the M1 Management port only Step 2...

Page 10: ...he Apple menu and choose System Preferences Step 2 Click Network Step 3 Select the network configuration with the green icon This is your active connection Then click Advanced Step 4 Click the TCP IP tab and from Ethernet settings choose Manually from the drop down list Step 5 Enter the following changes IP Address 192 168 42 43 Subnet Mask 255 255 255 0 Router 192 168 42 1 Step 6 Click OK ...

Page 11: ...2 Simplex tap Ports T1 and T2 one cable for all packets destined for the Internet T1 and one cable for all packets coming from the Internet T2 Duplex tap Port T1 one cable for all incoming and outgoing traffic Item Port Description 1 Proxy port 1 Connect proxy port P1 to the network for both incoming and outgoing traffic 2 Proxy port 2 When both proxy ports P1 and P2 are enabled you must connect P...

Page 12: ...t least 10 minutes for the system to complete the power up sequence and the LEDs to turn green If you turn the power off before the initialization is complete the appliance will NOT reach an operational state and must be returned to Cisco 4 Traffic Monitor port 2 Traffic monitor port for Simplex Ethernet tap One cable for all packets destined for the internet T1 and one cable for all packets comin...

Page 13: ...e parameter is assigned during system setup Before you can connect to the management interface using a hostname http hostname 8080 you must add the appliance hostname and IP address to your DNS server database Step 3 Click Login Command Line Interface Step 1 Access the command line interface locally or remotely To access the CLI locally set up a terminal to connect to the serial port using 9600 bi...

Page 14: ...uration or be performing the installation This is because you have changed the IP address but the installation is underway Step 6 If you temporarily changed the IP address of your computer as described above change the IP address settings back to the original values Step 7 Ensure that your laptop and the appliance are connected to the network Step 8 Log in to the appliance again at the hostname or...

Page 15: ...ss using the following ports SMTP and DNS services must have access to the Internet The web security appliance must be able to listen on the following ports FTP port 21 data port TCP 1024 and higher HTTP port 80 HTTPS port 443 Management access ports 8443 HTTPS and 8080 HTTP SSH port 22 The web security appliance must be able to make an outbound connection on the following ports DNS port 53 FTP po...

Page 16: ...om the MGMT port http 192 168 42 42 8080 so ensure that you have a connection to the MGMT port Also verify that you open firewall ports 80 and 443 on your management interface Data After running the System Setup Wizard at least one port on the appliance is configured to receive web traffic from the clients on the network M1 only M1 and P1 M1 P1 and P2 P1 only or P1 and P2 Note If you configured th...

Page 17: ...hich URL categories to monitor or block and web reputation and anti malware settings You can also define several other policy types to enforce your organization s acceptable use policies by controlling access to the Internet For example you can define policies for decrypting HTTPS transactions and other polices that control upload requests Traffic Monitor After running the System Setup Wizard one ...

Page 18: ... may want to configure for your Cisco S190 appliance For more information about configuring feature keys end user notifications logging and for details about other available web security appliance features see the Cisco S190 Web Security Appliance documentation Where to Go from Here Support Cisco Support http www cisco com c en us support web tsd cisco worldwide contacts ht ml U S Toll Free Number...

Page 19: ...port security web security appliance produ cts installation guides list html Cisco Web Security Appliance Documentation All hardware and software documentation for your Cisco Web Security Appliance http www cisco com c en us support security web security appliance tsd pr oducts support series home html Safety and Compliance Guide http www cisco com c en us support security web security appliance t...

Page 20: ...se To sign up visit http www cisco com cisco support notifications html A Cisco com account is required If you do not have one register at https tools cisco com RPF register register do Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and or its affiliates in the U S and other countries To view a list of Cisco trademarks go to this URL www cisco com go trademarks Third par...

Reviews: