Cisco Cisco ScanSafe Wi-Fi Hotspot Security White Paper
Cisco CWS
– ASA 5500 Deployment Guide
9
Test
Deploy
Prepare
Figure 2.9
There are two ACLs that match the traffic for Cloud Web Security filtering: one for HTTP and one for
HTTPS. To ensure proper whitelisting, an Access Control Entry (or ACE) will need to be added to
both ACL’s referencing the SOURCE_WHITELIST group object.
HTTPS. To ensure proper whitelisting, an Access Control Entry (or ACE) will need to be added to
both ACL’s referencing the SOURCE_WHITELIST group object.
*Note: The proper placement of the whitelisting ACE should occur before the ACE forwards traffic to
the Cloud Web Security service. This can be achieved by using line 1 in the configuration command.
the Cloud Web Security service. This can be achieved by using line 1 in the configuration command.
Figure 2.10
To demonstrate destination whitelisting, apply the aforementioned configuration to the ASA.
Step 4:
From your test machine, browse to
. As expected, you should see the
message ‘User is not currently using the service.’
Filtering Policy. This should only take effect when traffic is forwarded to the Cloud Web Security.
Therefore, once the ACE has been created to accept traffic from
Therefore, once the ACE has been created to accept traffic from
, this web request
should no longer be blocked.