Cisco public
© 2018 Cisco and/or its affiliates. All rights reserved.
How to Configure Cisco Web Security Appliance to Perform Video Caching
Introduction By integrating the Cisco® Web Security Appliance (WSA) and Web Cache Appliance from Unveil Technology, you can speed up your web access experience and save a significant amount of bandwidth. This integration helps to cache video content for multiple days. Users who are browsing similar videos at the same time, especially High Definition (HD) videos, can also benefit from it.
With Web Cache Appliance, you can cache popular websites like YouTube, Facebook, DailyMotion, Vimeo, Vevo, Google Maps and apps, Apple, Tumblr, Yandex, Google PlayStore, Windows Updates and others. It also support more than of the most popular Video, Music, Images and Library websites, CDNs including Windows Update, Apple and Android apps and thousands of websites by using generic patterns. Complete list can be obtained from the below link: http://www.unveiltech.com/vsvcb.php.
Cisco public
© 2018 Cisco and/or its affiliates. All rights reserved.
Contents
Introduction
Use cases addressed with this solution
Prerequisite requirements
Configuring the Web Security Appliance
Configuration
Figure 1. How Cisco WSA integrates with Web Cache Appliance
Arshad’s chalk talk video
Arshad’s chalk talk video
Arshad’s chalk talk videoWSA
WCA
Partn
ers
HTTPSCertificatefrom WCA
(Needs to be installed on all
the clients)
Web CacheAppliance
UpstreamProxy
URL Category for WCA:• Streaming Media• Software Updates
Cache
Arshad’s YouTubeVideo is Cached
YouTube
Use cases addressed with this solution
Saving Bandwidth
Caching Video and Software Updates
Blocking Adult Video content
Video Resolution locker
Cisco public
© 2018 Cisco and/or its affiliates. All rights reserved.
Contents
Introduction
Use cases addressed with this solution
Prerequisite requirements
Configuring the Web Security Appliance
Configuration
Prerequisite requirementsName Software Version Hardware/Software Image Download
WSA 9.x onwards WSA Appliances – S380, S680, S190, S390, S690 Virtual Appliances- S000v, S100v, S300v, S600v
WCA 3.3x onwards Web Cache Appliance ISO Image: http://cdn.unveiltech.ovh/download/wca.amd64.3.3222-7.iso
Configuring the Web Security Appliance• Log in to the Cisco WSA:
https://wsa_hostname:8443• Log in to the WSA using an admin user• Navigate to Network > Upstream Proxy
• Click on Add Group
• Click on Add Group • Give it a name and proxy address as a Web
Cache Box <IP address> with a port number (8182 as Default) and set reconnection attempts as 2.
• The Failure Handling field should be set to Connect directly
Cisco public
© 2018 Cisco and/or its affiliates. All rights reserved.
Contents
Introduction
Use cases addressed with this solution
Prerequisite requirements
Configuring the Web Security Appliance
Configuration
• Now navigate to Web Security Manager → Identification Profiles
• Under Identification Profiles → Click on Add Profile
• Give it name as a WCA and also add meaningful comments
• Under User Identification Method, select your AD/LDAP/ISE server or choose Exempt from Authentication/Identification
• Click on the Advanced link, and under URL Categories, add Streaming Audio and Streaming Video
• Click on Submit and commit the changes • Now navigate to Web Security Manager →
Routing Policies
Cisco public
© 2018 Cisco and/or its affiliates. All rights reserved.
Contents
Introduction
Use cases addressed with this solution
Prerequisite requirements
Configuring the Web Security Appliance
Configuration
• Click on Add Policy • Give it a meaningful name as your WCA, and
select the identification profile as WCA created earlier
• Submit changes
• Under Routing Destination from global policy change it to your WCA and commit the changes
• Lastly, we need to also do an HTTPS pass-through for the Video Streaming or audio streaming and commit the changes
Cisco public
© 2018 Cisco and/or its affiliates. All rights reserved.
Contents
Introduction
Use cases addressed with this solution
Prerequisite requirements
Configuring the Web Security Appliance
Configuration
ConfigurationTo configure the Web Cache Appliance:
• Download the Software Appliance from our web site and launch the automatic installer on your own hardware server (see technical requirement) or on your virtual machine
• Load the wca.amd64.3.3222-7.iso file into Hyper-V
This will start the automatic installation
• Please select the WebCache Appliance (Graphic Mode)
• Configure the keyboard using the language you want
• After few minutes of automatic installation, the solution will be completely installed
• It will automatically get an IP address from DHCP server
Cisco public
© 2018 Cisco and/or its affiliates. All rights reserved.
Contents
Introduction
Use cases addressed with this solution
Prerequisite requirements
Configuring the Web Security Appliance
Configuration
• Please change the IP address settings as per your network
• To open the GUI interface of the appliance <IP Address>:81
• For User Name: admin Password: admin <Default> Note: By-Default License is valid for 15days
• In the browser <WCA IP Address>:81
• Note: In order for the Clients to decrypt the traffic for HTTPS websites, we need to download the certificate and load it on all the clients
• Go to Settings• Click on Internet Optimization• Scroll down to HTTPS Interception. (Please
make sure its Enabled)
• Click Get the “Man-in-the-Middle” Certificate and upload it on all the systems using group policy (Active Directory)
• Optional: Navigate to Settings and then to Security
• Scroll down to Hot Videos Blocker
Note: By Default, Hot Video Blocker is Disabled
Cisco public
Contents
Introduction
Use cases addressed with this solution
Prerequisite requirements
Configuring the Web Security Appliance
Configuration
• Enable it, save it, and click Apply• Reporting and tracking on the WCA:
• The Statistics displayed will show more information on caching
© 2018 Cisco and/or its affiliates. All rights reserved. Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R) C07-740372-00 03/18