IWSVA can be deployed in different modes to help secure your network. Learn more about the deployment topologies supported by IWSVA.
Transparent Bridge Mode
IWSVA acts as a bridge between network devices such as routers and switches. IWSVA scans passing HTTP and FTP traffic without the need to modify the browser or network settings. This is the easiest deployment mode with traffic being scanned in both directions. An additional dependency for this deployment mode is two network interface cards per transparent bridge segment protected with IWSVA. We recommend that the following network cards be used to ensure maximum compatibility in this deployment mode:
- ? Broadcom NetXtreme Series
- ? Intel Pro/1000 PT Dual Port Server Adapter
- ? Intel Pro/1000 MF Dual Port Fiber
IWSVA 5.6 features an optional High Availability (HA) deployment mode. In this mode, two IWSVA 5.6 nodes are configured as an HA cluster. In this configuration one of the nodes is designated as the parent, or active node, and is connected to a child, or passive node, through a “heartbeat” link.
In HA deployment mode, the parent node processes all “live” traffic while the child node remains in a passive state. If a failure in the parent node is detected, the child node then becomes the active node and the parent node is taken offline.
The HA deployment mode is only supported in Transparent Bridge mode.
Forward Proxy Mode
IWSVA acts as an upstream proxy for network clients. Client browser settings must be configured to redirect traffic to IWSVA. IWSVA scans HTTP and FTP traffic and there is no separate need for another dedicated proxy server. Content is scanned in both the inbound and outbound directions.
The Forward Proxy Mode also forwards all traffic to another upstream proxy server.
Reverse Proxy Mode
IWSVA is deployed in front of a Web server. IWSVA scans HTTP and FTP content from the clients that are uploaded to a Web server as well as content that is downloaded from the Web server to the clients and helps secure the Web server.
IWSVA acts as an ICAP proxy and accepts ICAP connections from an ICAP v1.0 compliant cache server. Cache servers can help reduce the overall bandwidth requirements and reduce latency by serving cached content locally. IWSVA scans and secures all content returned to the cache server and to the clients.
Simple Transparency Mode
IWSVA's Forward Proxy Mode supports simple transparency with popular Layer 4 load balancing switches and provides HTTP scanning without the need to modify the client's browser settings.
IWSVA works with Cisco's WCCP protocol to provide content scanning for Web and FTP traffic without the need to modify client configurations and allows redundancy and saleability to be designed into the architecture without additional hardware.