Lab Simulation
A.
B.
C.
D.
Correct Answer:
Explanation/Reference:
Answer:
We need to define the parameter map, specifying port 8080 for http and https and define the servers and the license:
Branch-ISR#config t
Branch-ISR(config)#parameter-map type content-scan global Branch-ISR(config-profile)#server scansafe primary name proxya. scansafe.net port http 8080 https 8080
Branch-ISR(config-profile)#server scansafe secondary name proxyb. scansafe.net port http 8080 https 8080
Branch-ISR(config-profile)#license 0 0123456789abcdef
If the CWS proxy servers are not available, we traffic should be denied. This is done by the following configuration:
Branch-ISR(config-profile)#server scansafe on-failure block-all
Now we need to apply this to the fastethernet 0/1 interface outbound:
Branch-ISR(config)#interface Fastethernet 0/1
Branch-ISR(config-if)#content-scan outbound
Branch-ISR(config-if)#exit
Branch-ISR(config)#exit
Finally, we can verify out configuration by using the "show content-scan summary command:
Branch-ISR#show content-scan summary
Primary: 72.37.244.203(Up)*
Secondary: 70.39.231.99 (Up)
Interfaces: Fastethernet0/1
Explanation/Reference:
Answer:
We need to define the parameter map, specifying port 8080 for http and https and define the servers and the license:
Branch-ISR#config t
Branch-ISR(config)#parameter-map type content-scan global Branch-ISR(config-profile)#server scansafe primary name proxya. scansafe.net port http 8080 https 8080
Branch-ISR(config-profile)#server scansafe secondary name proxyb. scansafe.net port http 8080 https 8080
Branch-ISR(config-profile)#license 0 0123456789abcdef
If the CWS proxy servers are not available, we traffic should be denied. This is done by the following configuration:
Branch-ISR(config-profile)#server scansafe on-failure block-all
Now we need to apply this to the fastethernet 0/1 interface outbound:
Branch-ISR(config)#interface Fastethernet 0/1
Branch-ISR(config-if)#content-scan outbound
Branch-ISR(config-if)#exit
Branch-ISR(config)#exit
Finally, we can verify out configuration by using the "show content-scan summary command:
Branch-ISR#show content-scan summary
Primary: 72.37.244.203(Up)*
Secondary: 70.39.231.99 (Up)
Interfaces: Fastethernet0/1
this sim does not work as it should have ip address associated with the profile commands such as :
server scansafe primary ipv4 72.37.244.203 port http 8080 https 8080
server scansafe secondary ipv4 70.39.231.99 port http 8080 https 8080
they have the Cloud Web Security tower name used instead of the tower IP address, but on the interface 0/1 you have add the ip address or the interface is not configure with the ip address.
Two options configure the server name or IP address of the primary and/or secondary Cloud Web Security proxy servers, as well as ports to use for redirecting HTTP and HTTPS requests. Cloud Web Security uses port 8080 for both HTTP and HTTPS traffic
parameter-map type content-scan global
[no] server scansafe {primary | secondary} ipv4 port http https
Cisco Integrated Services Router
Generation 2 with Cisco Cloud
Web Security
lic 0 0123456789abcdef
source interface fa0/1
Did you pass the exam? The questions and answers here are valid and correct?