SIMULATION
Configure the CWS connector on the ISR-G2 router at a branch office.
Answer: See the explanation
Explanation:
We need to define the parameter map, specifying port 8080 for http and https and define the
servers and the license:
Branch-ISR#config t
Branch-ISR(config)# parameter-map type content-scan global
Branch-ISR(config-profile)#server scansafe primary name proxy-a.scansafe.net port http 8080 https
8080
Branch-ISR(config-profile)#server scansafe secondary name proxy-b.scansafe.net port http 8080
https 8080
Branch-ISR(config-profile)#license 0 0123456789abcdef
If the CWS proxy servers are not available, we traffic should be denied. This is done by the following
configuration:
Branch-ISR(config-profile)#server scansafe on-failure block-all
Now we need to apply this to the fastethernet 0/1 interface outbound:
Branch-ISR(config)#interface Fastethernet 0/1
Branch-ISR(config-if)#content-scan outbound
Branch-ISR(config-if)#exit
Branch-ISR(config)#exit
Finally, we can verify out configuration by using the “show content-scan summary command:
Branch-ISR#show content-scan summary
Primary: 72.37.244.203(Up)*
Secondary: 70.39.231.99 (Up)
Interfaces: Fastethernet0/1