IronPort S660, Quick Start Manual

Deployment Options

❏ 

Web Proxy

   ❏ 

Transparent with L4 Switch         

   ❏ 

Transparent with WCCP Router    

   ❏ 

Explicit For ward Proxy

❏ 

L4 Traffi c Monitor

❏ 

Simplex tap   

❏ 

Duplex tap

Network Context

Is there another proxy on the network?

❏ 

No     Yes   

❏ 

in Transparent Mode    

❏ 

In For ward Mode

Other Proxy in For ward Mode: 

IP address and Por t:

Network Settings

Default System Hostname:

DNS Ser vers 

❏ 

Use the Internet’s root DNS ser vers

❏ 

Use these DNS ser vers (maximum 3):

1.
2.                                              
3.

Network Time Protocol (NTP) ser ver: 

IP address and host name:

Time Zone Region:

Region:                      Countr y:                    GMT Offset:

Interface Settings

Management Inter face M1 Ethernet por t only

IP address:    
Network mask:  
Host name:

NOTE:

 The Web Proxy can share the Management inter face. If confi gured separately, the Data inter face IP address and the Management 

inter face IP address cannot share the same subnet.

Data Inter face 

IP address:  
Network mask: 
Host name:

Routes

Internal Routes for Management 

Default Gateway:
Static Route Name:  
Static Route Destination Network: 
Static Route Gateway:    

I

nternal Routes for Data

Default Gateway:
Static Route Name:  
Static Route Destination Network: 
Static Route Gateway:  

Transparent Routing Device

Device type:

❏ 

Layer-4 switch                 

❏ 

WCCP router

NOTE:

 When you connect the appliance to a WCCP router, you must confi gure the Web Security appliance to create WCCP ser vices after 

you run the System Setup Wizard.

Administrative Settings

Administrative Password:

❏ 

AutoSuppor t

Send Email System Aler ts to:

Security Services

❏ 

IP Spoofi ng

L4 Traffi c Monitor:                       

❏ 

Monitor Only  

❏ 

Block

❏ 

IronPor t URL Filtering

❏ 

Web Reputation Filters

Malware and Spyware Scanning:   

❏ 

Enable Webroot

❏ 

Enable McAfee

Action for Detected Malware:                

❏ 

Monitor Only  

❏ 

Block

Action for Unscannable Transactions:    

❏ 

Monitor Only  

❏ 

Block

❏ 

SenderBase Network Par ticipation 

Par ticipation Level:                              

❏ 

Limited          

❏ 

Standard

Networking Worksheet

IronPort S-Series Web Security Appliance

P/N 421-0097

1

U N PA C K

2

P L A N   T H E 
I N S TA L L AT I O N

IronPort S660 and S360

Web Security Appliance

The IronPort S-Series Web Security Appliance

 (WSA) integrates integrates seamlessly into any 

corporate network to defend against a wide variety of web-based malware threats such as malware, 
spyware, malicious system monitors, Trojans, phishing, and pharming. Additionally, the S-Series 
appliance provides a next generation platform to control and monitor web traffi c that originates from 
within the network.

Use this Quick Star t Guide to get the IronPor t S-Series appliance installed and running on your
network, and refer to the Deployment chapter in the Web Security Appliance 

User Guide

 for 

information about how to confi gure appliance settings.

Before you star t, make sure you have the following equipment:

• Rack cabinet enclosure

• RapidRails

TM

 and adaptor kits

• 10/100/Gigabit BaseT TCP/IP local area network (LAN)

Note:

 The Networking Work-

sheet that is located toward 
the back of this guide is a 
useful prerequisite to running 
the System Setup Wizard. 
Ironpor t strongly recommends 
using the Networking Work-
sheet to plan your deployment 
and record the information 
that you need to complete 
the initial confi guration.

Note:

 To monitor true client IP addresses, 

the L4 Traffi c Monitor should always be 
confi gured inside the fi rewall and before
NAT (Network Address Translation).

• Documentation CD

• Safety and Compliance Guide

• Terms and Conditions of Use

• Release Notes

Verify that the system box contains the following items:

Dual-Head

Power

Cables

(2)

Straight

Power

Cables

(2)

Ethernet

Cable

Null Modem

Cable

• IronPor t S-Series appliance

• Dual-head power cables (1)

• Straight power cables (2)

• Ethernet

TM

 cable

• Null Modem cable

Decide how you are going to confi gure the appliance within your network.

The S-Series appliance is typically installed as an additional layer in the network between clients 
and the Internet. Depending on how you deploy the appliance, you may or may not need a Layer 4 
(L4) switch or a WCCP router to direct client traffi c to the appliance. Deployment options include:

• 

Transparent Proxy

 – Web proxy with an L4 switch

• 

Transparent Proxy

 – Web proxy with a WCCP router

• 

Explicit Forward Proxy

 – Connected to a network switch

• 

L4 Traffi c Monitor

 – Ethernet tap (simplex or duplex)

 – 

Simplex Mode:

 Por t T1 receives all outgoing traffi c and por t T2 receives all incoming traffi c.

 – 

Duplex Mode:

 Por t T1 receives all incoming and outgoing traffi c.

M2

M1

P1

P2

T1

T2

Clients

Ethernet tap

Simplex/Duplex

Firewall

Management PC

Internet

L4 switch

WCCP router