how to configure cisco web security appliance to …...name software version hardware/software image...

Cisco public

© 2018 Cisco and/or its affiliates. All rights reserved.

How to Configure Cisco Web Security Appliance to Perform Video Caching

Introduction By integrating the Cisco® Web Security Appliance (WSA) and Web Cache Appliance from Unveil Technology, you can speed up your web access experience and save a significant amount of bandwidth. This integration helps to cache video content for multiple days. Users who are browsing similar videos at the same time, especially High Definition (HD) videos, can also benefit from it.

With Web Cache Appliance, you can cache popular websites like YouTube, Facebook, DailyMotion, Vimeo, Vevo, Google Maps and apps, Apple, Tumblr, Yandex, Google PlayStore, Windows Updates and others. It also support more than of the most popular Video, Music, Images and Library websites, CDNs including Windows Update, Apple and Android apps and thousands of websites by using generic patterns. Complete list can be obtained from the below link: http://www.unveiltech.com/vsvcb.php.

http://www.unveiltech.com/vsvcb.php

Cisco public


Contents

Introduction

Use cases addressed with this solution

Prerequisite requirements

Configuring the Web Security Appliance

Configuration

Figure 1. How Cisco WSA integrates with Web Cache Appliance

Arshad’s chalk talk video

Arshad’s chalk talk video

Arshad’s chalk talk videoWSA

WCA

Partn

ers

HTTPSCertificatefrom WCA

(Needs to be installed on all

the clients)

Web CacheAppliance

UpstreamProxy

URL Category for WCA:• Streaming Media• Software Updates

Cache

Arshad’s YouTubeVideo is Cached

YouTube


Saving Bandwidth

Caching Video and Software Updates

Blocking Adult Video content

Video Resolution locker

Cisco public


Contents

Introduction




Configuration

Prerequisite requirementsName Software Version Hardware/Software Image Download

WSA 9.x onwards WSA Appliances – S380, S680, S190, S390, S690 Virtual Appliances- S000v, S100v, S300v, S600v

WCA 3.3x onwards Web Cache Appliance ISO Image: http://cdn.unveiltech.ovh/download/wca.amd64.3.3222-7.iso

Configuring the Web Security Appliance• Log in to the Cisco WSA:

https://wsa_hostname:8443• Log in to the WSA using an admin user• Navigate to Network > Upstream Proxy

• Click on Add Group

• Click on Add Group • Give it a name and proxy address as a Web

Cache Box <IP address> with a port number (8182 as Default) and set reconnection attempts as 2.

• The Failure Handling field should be set to Connect directly

http://cdn.unveiltech.ovh/download/wca.amd64.3.3222-7.iso

https://wsa_hostname:8443

Cisco public


Contents

Introduction




Configuration

• Now navigate to Web Security Manager → Identification Profiles

• Under Identification Profiles → Click on Add Profile

• Give it name as a WCA and also add meaningful comments

• Under User Identification Method, select your AD/LDAP/ISE server or choose Exempt from Authentication/Identification

• Click on the Advanced link, and under URL Categories, add Streaming Audio and Streaming Video

• Click on Submit and commit the changes • Now navigate to Web Security Manager →

Routing Policies

Cisco public


Contents

Introduction




Configuration

• Click on Add Policy • Give it a meaningful name as your WCA, and

select the identification profile as WCA created earlier

• Submit changes

• Under Routing Destination from global policy change it to your WCA and commit the changes

• Lastly, we need to also do an HTTPS pass-through for the Video Streaming or audio streaming and commit the changes

Cisco public


Contents

Introduction




Configuration

ConfigurationTo configure the Web Cache Appliance:

• Download the Software Appliance from our web site and launch the automatic installer on your own hardware server (see technical requirement) or on your virtual machine

• Load the wca.amd64.3.3222-7.iso file into Hyper-V

This will start the automatic installation

• Please select the WebCache Appliance (Graphic Mode)

• Configure the keyboard using the language you want

• After few minutes of automatic installation, the solution will be completely installed

• It will automatically get an IP address from DHCP server

http://www.unveiltech.com/download.php#VideoCachebox

Cisco public


Contents

Introduction




Configuration

• Please change the IP address settings as per your network

• To open the GUI interface of the appliance <IP Address>:81

• For User Name: admin Password: admin <Default> Note: By-Default License is valid for 15days

• In the browser <WCA IP Address>:81

• Note: In order for the Clients to decrypt the traffic for HTTPS websites, we need to download the certificate and load it on all the clients

• Go to Settings• Click on Internet Optimization• Scroll down to HTTPS Interception. (Please

make sure its Enabled)

• Click Get the “Man-in-the-Middle” Certificate and upload it on all the systems using group policy (Active Directory)

• Optional: Navigate to Settings and then to Security

• Scroll down to Hot Videos Blocker

Note: By Default, Hot Video Blocker is Disabled

Cisco public

Contents

Introduction




Configuration

• Enable it, save it, and click Apply• Reporting and tracking on the WCA:

• The Statistics displayed will show more information on caching

© 2018 Cisco and/or its affiliates. All rights reserved. Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R) C07-740372-00 03/18

https://www.cisco.com/go/trademarks

how to configure cisco web security appliance to …...name software version hardware/software image...

Documents