Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1320
Views
0
Helpful
6
Replies

transparent mode using L4 switch

horol_ironport
Level 1
Level 1

‎07-22-2009 11:47 AM

Hello,
I don't understand how can I use transparent mode using L4 switch (it's load-balancer, right?). I'm friendly with L4 switches, even though I can not imagine the topology and data flow.

I have two WSA boxes and I need configure active-backup model (therefore I can't use WCCP). I think, only one method is use WSA in forwarding mode and set 'proxy server' on clients.

Do you have any other idea?
What is better, one-arm, or routed mode for this situation?

martin

Labels:
0 Helpful
6 Replies 6

jowolfer
Level 1
Level 1

‎07-22-2009 04:59 PM

An L4 switch is one that can utilize PBR (policy based routing) to make routing decisions based on the port information.

So instead of sending traffic destined for an outside webserver on port 80 to the default route, it will send it to the WSA.

The configuration for this will differ depending on the particular L4 switch you are using. The configuration for active failover should be possible as well.

0 Helpful

horol_ironport
Level 1
Level 1

‎07-28-2009 05:28 PM

Thank you Josh,
it's clear now for me.

martin

0 Helpful

angfeglandagan
Level 1
Level 1

‎10-19-2009 07:02 AM

hi, is layer 4 switch better than wccp router?


and does WSA supports the web 2.0 applications?

0 Helpful

khoanguy
Level 1
Level 1

‎10-19-2009 11:41 PM

the WSA should work fine with "web 2.0" application (it's still http/https), there might be issues with specific site where the app fails to authenticate from auth request, but a auth bypass policy can be implemented.

As for wccp vs L4 switch?

wccp is the better choice because when wccp fails, it fails open and users still have internet access (depend on admin config with FW) and you can load balance with multiple web cache.

L4 switch is policy based routing, very specific, not as flexible with changes in environment, unless a load-balance appliance is considered.

0 Helpful

sir_yrwins
Level 1
Level 1

‎03-26-2024 11:12 AM

thank you . 
wow.. that it is getting more clear.
Do you guys have a example of how the L4 switch is configure. 
so I can see . and also you have to tell the WSA that you have a L4 (host) and receive all the traffic?

 

0 Helpful

amojarra
Cisco Employee
Cisco Employee

‎03-28-2024 06:04 AM

Hello @sir_yrwins 

 

Maybe this could help : 

Microsoft Word - Tech Note ASA PBR for WSA.doc (cisco.com)

 

Regards,

Amirhossein Mojarrad

+++++++++++++++++++++++++++++++++++++++++++++++++++

++++        If you find this answer helpful, please rate it as such      ++++

+++++++++++++++++++++++++++++++++++++++++++++++++++

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents