I have recently installed WSA S170 in one site which is pointing to one of the existing proxy. I have defined routing policy in new proxy through which some of the local domain is accessible through new proxy and rest of the domain will be through existing proxy.
User's are facing slowness when they are accessing other than local domain at the same time local domain is working fine.
I have disabled all scanning feature in new proxy for all other domain to avoid delay but still issue persist.
For local Domain :
Client ----> New Proxy---> Internet
Other domain :
Client ---> new proxy---> Existing proxy---> Internet
Version information :
New proxy : cisco wsa s170 OS : 7.7.0 - 753
Exising proxy : cisco wsa s670 OS : 7.5.1 - 201
Is it becuse of dual proxy connection hapening for other domain?
In cases wherein we have an upstream proxy, we need to make the following configuration on the WSA:
-- Go to 'Network' tab > 'Upstream Proxy' > Configure the Upstream Proxy
-- Go to 'Web Security Manager' > 'Routing Policy' > Configure a policy to use the Routing Destination pointing to the Upstream Proxy configured above.
-- If the upstream proxy is performing authentication, you will need to disable authentication on the Cisco Ironport Web Security Appliance.
Note: If the path to get to the software update site is also through the same upstream proxy, then Go to 'System Administration' > 'Upgrade and Update Settings' > Edit Update Settings > configure the Proxy Server section.
I am facing performance issue (Slowness) in this setup so not sure what could be the reason.
I have disabled all scanning facility in donstream proxy which could delay the connection. (Outbound malware scanning, Decryption policy is pass through, added those domain in bypass setting though proxy is working in explicit mode.)
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :