• Document: Cisco Web Security Appliance - Best Practices and Performance Troubleshooting
  • Size: 3.45 MB
  • Uploaded: 2019-07-18 05:39:58
  • Status: Successfully converted


Some snippets from your converted document:

BRKSEC-3303 Cisco Web Security Appliance - Best Practices and Performance Troubleshooting Ana Peric, M.Sc.E.E, Technical Leader Services Cisco Spark Questions? Use Cisco Spark to communicate with the speaker after the session How 1. Find this session in the Cisco Live Mobile App 2. Click “Join the Discussion” 3. Install Spark or go directly to the space 4. Enter messages/questions in the space cs.co/ciscolivebot#BRKSEC-3303 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public Abstract This session will describe the best practices of deploying and configuring Cisco Web Security Appliance (WSA), with the special attention to WSA configuration optimization in order to achieve the optimal system performance. Session will describe WSA best configuration practices in the first section, but also the most common “pitfalls” when it comes to configuring Web Security Appliance. Based on experience of Cisco TAC Engineers, we will continue with a deep-dive of troubleshooting WSA performance, that will give Web Security System Administrators more insights into tools and techniques of troubleshooting the most common performance related issues. Agenda • Introduction • Understanding Cisco Web Security Appliance Pipeline • Configuration Considerations and Best Practices • Troubleshooting WSA Performance Issues • Performance Monitoring & Final Thoughts • Q&A Introduction – About Me Ana Perić • Joined Cisco in 2012 • Based in Munich, Germany • Technical Leader Services in Cloud Support Organization (aka Cloud TAC) • M.Sc.E.E (Diploma Engineer of Electrical Engineering and Computer Science), CCIE #39884 R&S • Passionate about Web/Email Security, Cloud Technologies, Automation, and Innovation • Proud aunt of three-year-old boy BRKSEC-3303 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 6 For your reference symbol • There is a content in your handouts that is not going to be presented in this session, but is important for further reference • All the slides that are there for your reference are marked with: BRKSEC-3303 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 7 Web Security Appliance Pipeline WSA Policy Types Refresher • Identification Policy (Who? / How? / How do we recognize/categorize the end- user?) • Access Policy (Actions for HTTP / HTTPS decrypted traffic) • Decryption Policy (HTTPS traffic handling / what do we decrypt?) • Routing Policy (Upstream Proxy Handling) • Outbound Malware Policy (Do we permit upload of Malware content) • Data Security Policy (What content type can we upload) • Other Policy Types: SaaS/SOCKS Policies/WTT BRKSEC-3303 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 9 Web Security Appliance Pipeline for HTTP/HTTPS HTTP Client Request HTTPS Client Request Proxy Bypass List Protocols/User-Agent Proxy Bypass List Decryption Identification Profiles Custom URL Identification Profiles Pre-Defined URL (Who?) Category Match (Who?) Category WBRS Score Pre-Defined URL Custom URL AVC Calculation Category Category Match Authentication WBRS Score AVC Objects Authorization Calculation Guest Access? Authentication Objects MIME File-Type Filter Authorization MIME File-Type Filter Guest Access? Anti-Virus/Anti- Malware Scanning Anti-Virus/Anti- Malware Scanning Encryption Per Policy Matching Per Policy Matching

Recently converted files (publicly available):