Cisco Cisco Web Security Appliance S390 Betriebsanweisung
4
I R O N P O R T A S Y N C O S 6 . 3 F O R W E B U S E R G U I D E
New Feature: Native FTP
Prior to AsyncOS for Web 6.0, the Web Security appliance supported FTP over HTTP in
addition to HTTP and HTTPS.
addition to HTTP and HTTPS.
With AsyncOS for Web 6.0, the Web Security appliance supports traffic sent over native FTP.
This allows you to control and secure the native FTP traffic in your organization, in addition to
HTTP and HTTPS traffic. For example, you can control users who are allowed to download or
upload documents over FTP. You can also scan content downloaded over FTP with the
IronPort DVS engine and the anti-malware scanning engines.
This allows you to control and secure the native FTP traffic in your organization, in addition to
HTTP and HTTPS traffic. For example, you can control users who are allowed to download or
upload documents over FTP. You can also scan content downloaded over FTP with the
IronPort DVS engine and the anti-malware scanning engines.
For more information, see “Working with FTP Connections” on page 74.
New Feature: Multiple Identities in a Policy Group
In AsyncOS for Web 6.0, you can add multiple Identities to a single non-Identity policy
group. This allows you to keep Identities as granular as required, and then either associate
them all with a single policy group or with different policy groups. This can be useful after a
merger, when you need to keep the Identities of the merged companies separate because they
use different authentication realms, but use both these Identities together in a single uniform
policy.
group. This allows you to keep Identities as granular as required, and then either associate
them all with a single policy group or with different policy groups. This can be useful after a
merger, when you need to keep the Identities of the merged companies separate because they
use different authentication realms, but use both these Identities together in a single uniform
policy.
New Feature: Warning Users Before Continuing
With AsyncOS for Web 6.0, you can warn users that a site does not meet the organization's
acceptable use policies and allow them to continue if they choose. To warn users and allow
them to continue, configure the URL categories for an Access Policy group.
acceptable use policies and allow them to continue if they choose. To warn users and allow
them to continue, configure the URL categories for an Access Policy group.
When users access a URL that is configured to warn and continue, they initially see an
IronPort notification page with a warning about accessing sites of this category. The end-user
URL category warning page includes a “continue” hypertext link to the originally requested
URL. With this continue option, the end-user can review the company's acceptable use
policy and, if desired, continue accessing the blocked site. End-user actions are appropriately
logged.
IronPort notification page with a warning about accessing sites of this category. The end-user
URL category warning page includes a “continue” hypertext link to the originally requested
URL. With this continue option, the end-user can review the company's acceptable use
policy and, if desired, continue accessing the blocked site. End-user actions are appropriately
logged.
For more information, see “Warning Users and Allowing Them to Continue” on page 286.
Enhanced: Authentication
AsyncOS 6.0 for Web includes several changes and enhancements to authentication.
Re-Authentication
In AsyncOS for Web 6.0, it is possible for a user to re-authenticate when blocked from
accessing a web site due to restrictive URL filtering. Users can enter different authentication
credentials that allow broader access. To do this, enable the “Enable Re-Authentication
Prompt If End User Blocked by URL Category” global authentication setting. This is useful in
many situations including, for example, authenticating users on a shared workstation, or
allowing a teacher to enter higher privileged credentials to provide access to restricted
websites to students for a limited time.
accessing a web site due to restrictive URL filtering. Users can enter different authentication
credentials that allow broader access. To do this, enable the “Enable Re-Authentication
Prompt If End User Blocked by URL Category” global authentication setting. This is useful in
many situations including, for example, authenticating users on a shared workstation, or
allowing a teacher to enter higher privileged credentials to provide access to restricted
websites to students for a limited time.