Cisco Cisco ScanSafe Wi-Fi Hotspot Security Leaflet

Page 10 of 27

Note:

If you do not see SearchAhead results, log in to ScanCenter, navigate to the Web Filtering tab, then

the Management menu, and then under Global Settings ensure the Enable SearchAhead for all users checkbox

is selected.

Directory Groups Definition in Cisco ScanCenter (optional)

If you have integrated your ASA with an IDFW for group identification in rules and user granularity in reports, you

need to define in ScanCenter any directory groups for use in web filtering rules.

1. Log in to ScanCenter and click the Admin tab.

2. Under the Management tab, click Groups. The list of defined groups will be shown.

3. Click Add Directory Group from the bottom of the page.

4. Type in the name of a directory group in the format of domain-name\group-name.

5. Click Save to save the directory group.

6. Repeat the previous three steps to add additional directory groups.

Web Filtering Policy in Cisco ScanCenter

To get started, you need to create a basic web filtering policy in ScanCenter.

The policy is a set of rules that runs from top to bottom, checking each rule until it makes the first “match”, and

applies the action of that rule and then stops. In order for a rule to make a match and apply an action, it must

make a match on all three of the following entities:

●

Groups, Users, or IP Addresses

●

Filter

●

Schedule

So the rule is actually asking “Can this user access this web content at this time?”

If no rule is matched, the Default rule at the bottom will always apply.

The following steps demonstrate how to set up a basic policy, which you can then build on and develop further.

Note:

In a new account, no policy will be defined and all users can access all sites at all times, so all you will

see is a default rule in the list.