cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2521
Views
5
Helpful
5
Replies

WSA 390 Explicit Proxy Mode

Bilal Ahmad
Level 1
Level 1

Hi

I have two Cisco WSA 390 boxes and I have the below types of users

1. Domain users which I am planning to integrate with WSA and apply the policies from WSA for Internet Access.
2. Wireless Guest which are authenticated by WLC and access the internet and these users are not part of any domain.
3. Tenant users which are located in my remote branches and are part of different domain which I have no control but these users come to my network for internet access.

For #1 I can simply use explicit proxy and I can push the proxy setting from AD group policy and users will use WSA as a proxy.
For #2 and #3 I am planning to use the PBR in my cisco Core switch. Since internet traffic from both 2 and 3 are passing through the core , can I use a PBR and direct all traffic to WSA IP? Will that work for me as I don't have the option of pushing the proxy IP in these clients.

Please advice

Thanks

1 Accepted Solution

Accepted Solutions

kushsriva
Level 1
Level 1

Hi Bilal,

If you want to configure Explicit Proxy in your network, you can check the WPAD configuration. 

The Web Proxy Auto-Discovery (WPAD) protocol is a method used by Web browsers to locate a Proxy Auto-Config (PAC) file automatically.

WPAD can use DNS or DHCP to locate a PAC file.

A DHCP server must be configured to serve an additional setting in an IP address assignment; option 252. This option specifies the exact location of the PAC file.

The file name does not need to follow any specific naming convention, however if WPAD DNS is to be used also, the file must have the file name wpad.dat.

For more information, you can refer to: http://www.cisco.com/c/en/us/td/docs/security/web_security/connector/connector3000/WPADAP.html

Thanks & Regards,

Kushagra Srivastava

View solution in original post

5 Replies 5

Ravi Singh
Level 7
Level 7

You can also use WCCP. WCCP enables supported Cisco routers and switches to transparently redirect content requests. With transparent redirection, users do not have to configure their browsers to use a web proxy. Instead, they can use the target URL to request content, and their requests are automatically redirected to an application engine. For more information please see the below link

Configuring WCCP - Cisco

Hi Ravi

Thanks for the answer. I would have been using WCCP  but the customer is not ready for using it. I have to use the explicit proxy mode. Can I configure it the way I have mentioned in my first topic?

Please advice

Thanks

Bilal What I think You can configure PBR on core switch and host the PAC file on WSA to push the proxy setting for #2 and #3. Hope this work for you

Check the link below


http://www.cisco.com/c/en/us/td/docs/security/web_security/connector/connector3000/WPADAP.html


Moreover Web Proxy Auto-Discovery (WPAD) protocol is a method used by Web browsers to locate a Proxy Auto-Config (PAC) file automatically.

WPAD can use DNS or DHCP to locate a PAC file.

A DHCP server must be configured to serve an additional setting in an IP address assignment; option 252. This option specifies the exact location of the PAC file.

The file name does not need to follow any specific naming convention, however if WPAD DNS is to be used also, the file must have the file name wpad.dat.

kushsriva
Level 1
Level 1

Hi Bilal,

If you want to configure Explicit Proxy in your network, you can check the WPAD configuration. 

The Web Proxy Auto-Discovery (WPAD) protocol is a method used by Web browsers to locate a Proxy Auto-Config (PAC) file automatically.

WPAD can use DNS or DHCP to locate a PAC file.

A DHCP server must be configured to serve an additional setting in an IP address assignment; option 252. This option specifies the exact location of the PAC file.

The file name does not need to follow any specific naming convention, however if WPAD DNS is to be used also, the file must have the file name wpad.dat.

For more information, you can refer to: http://www.cisco.com/c/en/us/td/docs/security/web_security/connector/connector3000/WPADAP.html

Thanks & Regards,

Kushagra Srivastava

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: