07-25-2014 05:31 AM - edited 03-08-2019 06:56 PM
Questions asked during the Live Expert Webcast on July 22, 2014 with Cisco subject matter expert Kureli Sankar explaining how to integrate Cisco Cloud Web Security (CWS) with the Cisco Integrated Services Router Generation 2 (ISR G2). Additionally, attendees will learn how the ISR G2 works with Cisco CWS and the necessary steps required as well as things to take into consideration when deploying Cisco CWS with Cisco ISR G2.
Related Links
A: No - you would need ISR or ASA or WSA or a standalone connector.
A: Management tools which can be used are:
A: We can get the report based on the IP Address but not using MAC Address. This reporting works for all the users whether corporate/guest whether they use AD or not.
A: The video recording will be available in the cisco support community within five business days. You will be able to see it from below mentioned link:
https://supportforums.cisco.com/expert-corner/knowledge-sharing
You would need your own scancenter account and then you can do the exact demo our expert Kureli is doing. Typically SEs get their own account and the way to get an account is through sending a request as detailed in:
http://sswiki.cisco.com/index.php/Labs#Cisco_SE.27s_and_other_Employees
There is something called NFR accounts to registered partners. The wiki page talks about how that is done.
A: Absolutely, our SIO and PSIRT Team monitors the the process. When "heartbleed" came into action we got the information at early stage and we were able to come up with fixes and patches. Yes collaboration between both teams enables a swift and prompt action.
A: We have come across couple of cases describing the above mentioned issue.As Geographical Identification of Primary and Secondary tower is done by ISR. Sometimes while recording the locations there could be a mis-match entry of tower location for eg. ISR shows Primary tower in "Florida" geographically but physically it may be connected to a tower somewhere in "California", hence a mis-match configuration results in slow access of internet as an extra hop is added. User need to get in sync with CWS team. So that such mis-match could be rectified and avoided.
A:This is a rare issue which occurs due to Crypto ISN module used in ISR G2 router. The issue is already resolved and patched in v15.4 which will be available very soon.
A: This is a very simple issue, this happens when we have mis-configuration of source interfaces on ISR which reaches to tower. The interfaces checks the tower's availability by sending ICMP echo packet on port 80.
A: Yes there is a 45 days Evaluation license available for the users. User need to reach to Cisco Local Account team for the same.
A: Yes, CWS is compatible with ZBF and IOS IPS.
A: If user is in US ideally he should get US google or yahoo page. You get different page because might be that Country doesn't support tower allocation and unwillingly user has to send traffic through other country. Country which doesn't support are China,UAE.
A: For this you need to add your "intranet" websites under "white list".
A: Approximately 32000 concurrent sessions can be achieved.
A: You would require change in setup because once CWS receives the packet it transfers them towards the towers and changes the destination IP along with port number (80,443 to 80). If you have proxy then proxy will change destination IP and will send data on 8080. So changes should be made in ISR to read traffic coming from 8080 also else it will keep denying. User would require a NAT device inside for the conversation.
A: Currently IPV6 is not supported. Product Management team is already working over it.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: