Upload File

cws deployment table march2013

2
© 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 1 of 2 Feature comparison across traffic redirection options for Cisco Cloud Web Security The table below lists the different traffic redirection options when deploying Cisco Cloud Web Security (CWS). This includes details such as authentication mechanisms and features supported on individual platforms. Please refer to this table before transitioning from your existing deployment option. All platforms listed have the capability to redirect traffic (port 80 and 443) and forward authenticated user details to Cisco Cloud WebSecurity. The supported features differ depending on which platform is used to connect to CWS ASA Connector ISR Connector Native Connector Hosted PAC AnyConnect Cloud Web Security features supported whilst using any platform HTTPS Inspection (MITM) 1 All platforms Web Filtering Exceptions All platforms URL Categorization All platforms Application Visibility and Control feature All platforms URL Dynamic Classification All platforms Customizable Notifications All platforms Outbreak Intelligence (Zero Day Malware) All platforms Outbound Content Control All platforms AUP 2 No No Yes No No Quotas 3 No No Yes No No Redirection Capabilities Supported user redirection method Transparent Transparent Explicit Explicit Transparent How devices authenticate to cloud License Key 4 License Key 4 License Key 4 and Egress IP Egress IP License Key 4 Tower Failover 5 Failover is determined by lost connection not slow connection - Connection to the towers is checked at regular interval and failover to another tower occurs on the platform if tower does not return a response Via proxy PAC file Available in version 3.1 when configured with Detect Closest Tower (DCT) SSL Tunneling 6 No No Yes No Yes (default) Whitelisting (Exceptions) 7 options IP, IP Ranges IP, IP Ranges, URL Host (with wildcard), User Agent IP, IP Ranges, URL Host (with wildcard), User Agent IP, IP Ranges, URL Host (with wildcard), User Agent IP, IP Ranges, Host

Upload: nirina2013

Post on 29-Oct-2015

44 views

Category:

Documents


0 download

Report

DESCRIPTION

scansafe

TRANSCRIPT

Page 1: CWS Deployment Table March2013

© 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 1 of 2

Feature comparison across traffic redirection options for Cisco Cloud Web Security

The table below lists the different traffic redirection options when deploying Cisco

Cloud Web Security (CWS). This includes details such as authentication mechanisms

and features supported on individual platforms. Please refer to this table before

transitioning from your existing deployment option.

All platforms listed have the capability to redirect traffic (port 80 and 443) and forward authenticated user details to Cisco Cloud WebSecurity. The supported features differ depending on which platform is used to connect to CWS

ASA Connector ISR Connector Native Connector Hosted PAC AnyConnect

Cloud Web Security features supported whilst using any platform

HTTPS Inspection (MITM)

1

All platforms

Web Filtering Exceptions

All platforms

URL Categorization All platforms

Application Visibility and Control feature

All platforms

URL Dynamic Classification

All platforms

Customizable Notifications

All platforms

Outbreak Intelligence (Zero Day Malware)

All platforms

Outbound Content Control

All platforms

AUP 2 No No Yes No No

Quotas 3 No No Yes No No

Redirection Capabilities

Supported user redirection method

Transparent Transparent Explicit Explicit Transparent

How devices authenticate to cloud

License Key 4 License Key

4 License Key

4 and

Egress IP Egress IP License Key

4

Tower Failover 5 Failover is determined by lost connection not slow connection

- Connection to the towers is checked at regular interval and failover to another tower occurs on the platform if tower does not return a

response

Via proxy PAC file Available in version 3.1 when configured with Detect Closest

Tower (DCT)

SSL Tunneling 6 No No Yes No Yes (default)

Whitelisting (Exceptions)

7 options

IP, IP Ranges IP, IP Ranges, URL Host (with wildcard), User Agent

IP, IP Ranges, URL Host (with wildcard), User Agent

IP, IP Ranges, URL Host (with wildcard), User Agent

IP, IP Ranges, Host

Page 2: CWS Deployment Table March2013

© 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 2 of 2

ASA Connector ISR Connector Native Connector Explicit Proxy AnyConnect

Authentication details

Mechanism IDFW ISR AAA Services Proxy NTLM N/A GP result API - Windows

Additional options8

EasyID / SAML EasyID / SAML EasyID / SAML EasyID / SAML EasyID / SAML

Transparent Yes Yes Yes No Yes

Supported browsers

IE, FF, Safari, Chrome IE, FF, Chrome IE,FF N/A IE, FF, Safari, Chrome

Supported Operating Systems

Windows / OS X Windows Windows N/A Windows / OS X

Non transparent Yes Yes Yes Yes No

Supported browsers

All All All All N/A

Supported Operating Systems

Windows / OS X / iOS devices

Windows / OS X / iOS devices

Windows / OS X / iOS devices

Windows / OS X / iOS devices

N/A

Supported protocols NTLM (v1, v2), LDAP, Kerberos, TACACS and Radius

NTLM (v1, v2), LDAP, TACACS and Radius

NTLM (v1) LDAP NTLM - Windows API

Version that supports CWS Integration

9.0 above ISR G2, 15.2 MT Any N/A 3.0 above

Additional details:

1. HTTPS inspection is an optional feature (no additional cost) for scanning of HTTPS traffic.

2. Acceptable Use Policy (AUP) is available only with Native Connector which controls this by keeping track of when/if users last agreed to this. This is not done in the cloud, or by other Connectors

3. Quotas are available only with Native Connector which controls this by keeping track of browsing usage. This is not done in the cloud, or by other Connectors

4. A company/Group key is always used with ASA, ISR, and AnyConnect. This is optional with Native Connectors, and can be skipped if scanning IPs are defined in ScanCenter

5. All connectors have the ability to configure a primary and a secondary proxy

6. SSL Tunneling is a feature that encrypts all communications between the Connector and the cloud infrastructure via an SSL tunnel

7. Whitelisting is configured at Connector level to whitelist certain traffic from being redirected to CWS. This can be configured through a PAC file when using explicit proxy settings

8. Additional options denote authentication mechanisms that can be used instead of the platform’s built-in authentication mechanisms

Printed in USA C96-721282-00 11/12


Woollabs overview march2013

MDS LLS final March2013.ppt

GoodNews.23 03.March2013

Meftih March2013 issue

CWS KITS | CWS BLANKETS IMPACT REPORT 2019

Politics march2013

Samm generalpresantation march2013-en

SEP March2013 Promotions

Etrc advisory board meeting march2013

Eddl5131 assignment 1 march2013

SL March2013

Cornerstone brochure march2013

CWS IndustryLine CWS Materials...CWS IndustryLine Jumbo Abrasiva Heavy Duty CWS Materials CWS Soap / Handlotion Slim 500 ml Universal 1.000 ml 1000435 1000508 1000145 1000425 1000643

Elance Freelancer Guide March2013

MORE - MOOLTO.COM - March2013

Clin in Perin March2013

Cooperativeerative Weichteilsarkom Weichteilsarkom ...€¦ · CWS Cooperativeerative Weichteilsarkom Weichteilsarkom Studiengruppe CWS der GPOH CWS-2002P TOS CWS SoTiSaR Register

The cloud march2013

2013 Service Training Catalog March2013

VKIC NewsLetter : October2012 - March2013

Propellor business opnsworkshop march2013

Ifc iga geothermal-exploration_best_practices-march2013

Westpac Coast to Coast (March2013)

Barometr march2013

BOR Enrollment Update March2013

Jg drinks brochure march2013

By P.DUBARDandV.B.MATVEEV March2013

Que Viva-March2013

Hfsblueprintreport financeaccounting march2013

SOM Newsletter March2013 Blog

Dcuc alert march2013

AXTAL presentation March2013

Chimes March2013

H2020 march2013-v6

NoshiravaniBrühwiler_ExpInvestigation ACI_StructJournal March2013