Cisco Cisco Web Security Appliance S390 Betriebsanweisung
C O N F I G U R I N G A D M I N I S T R A T O R S E T T I N G S
C H A P T E R 2 2 : S Y S T E M A D M I N I S T R A T I O N
503
C O N F I G U R I N G A D M I N I S T R A T O R S E T T I N G S
You can configure the Web Security appliance to have stricter access requirements for
administrators logging into the appliance. You might want to do this to meet certain
organization requirements.
administrators logging into the appliance. You might want to do this to meet certain
organization requirements.
You configure these settings with the
adminaccessconfig
CLI command. You can configure
the appliance to:
• Display user-defined text at administrator login.
• Restrict administrator access to certain machines.
• Require stronger SSL ciphers for administrator access.
Configuring Custom Text at Login
Using the
adminaccessconfig > banner
CLI command, you can configure the appliance
to display any text you specify when an administrator tries to logs in. You might want to do
this to display a banner that informs the user of organizational policies and conditions. The
custom banner text appears when an administrator tries to access the appliance through all
interfaces, such as the web interface or via FTP.
this to display a banner that informs the user of organizational policies and conditions. The
custom banner text appears when an administrator tries to access the appliance through all
interfaces, such as the web interface or via FTP.
You can load the custom text by either pasting it into the CLI prompt or by copying it from a
file located on the Web Security appliance. To upload the text from a file, you must first
transfer the file to the configuration directory on the appliance using FTP.
file located on the Web Security appliance. To upload the text from a file, you must first
transfer the file to the configuration directory on the appliance using FTP.
Configuring IP-Based Administrator Access
Using the
adminaccessconfig > ipaccess
CLI command, you can control from which IP
addresses administrators access the Web Security appliance. Administrators can access the
appliance from any machine or from machines with an IP address from a list you specify.
appliance from any machine or from machines with an IP address from a list you specify.
When restrict access to an allow list, you can specify IP addresses, subnets, or CIDR
addresses.
addresses.
By default, when you list the addresses that can access the appliance, the IP address of your
current machine is listed as the first address in the allow list. You cannot delete the IP address
of your current machine from the allow list.
current machine is listed as the first address in the allow list. You cannot delete the IP address
of your current machine from the allow list.
Configuring the SSL Ciphers for Administrator Access
Using the
adminaccessconfig > strictssl
CLI command, you can configure the
appliance so administrators log into the web interface on port 8443 using stronger SSL ciphers
(greater than 56 bit encryption).
(greater than 56 bit encryption).
When you configure the appliance to require stronger SSL ciphers, the change only applies to
administrators accessing the appliance using HTTPS to manage the appliance. It does not
apply to other network traffic connected to the Web Proxy using HTTPS.
administrators accessing the appliance using HTTPS to manage the appliance. It does not
apply to other network traffic connected to the Web Proxy using HTTPS.