Cisco Web Security Appliance S670 User Guide

Cisco IronPort AsyncOS 7.7 for Web User Guide
Chapter 10      Working with External Proxies
Creating Routing Policies
Step 1  Navigate to the Web Security Manager > Routing Policies page.

Step 2  Click Add Group.

Step 3  In the Policy Name field, enter a name for the policy group, and in the Description field, optionally add a description.

Note  Each policy group name must be unique and contain only alphanumeric characters or the space character.

Step 4  In the Insert Above Policy field, choose where in the policies table to place the policy group.
When configuring multiple policy groups, you must specify a logical order for each group. Carefully order your policy groups to ensure that correct matching occurs.

Step 5  In the Identities and Users section, choose one or more Identity groups to apply to this policy group.
For more information on how to do this, see 
.
Step 6  Optionally, expand the Advanced section to define additional membership requirements.

Step 7  To define policy group membership by any of the advanced options, click the link for the advanced option and configure the option on the page that appears.
Table 10-1 describes the advanced options you can configure for policy groups.

Table 10-1  Policy Group Advanced Options

Advanced Option    Description

Protocols
    Choose whether or not to define policy group membership by the protocol used in the client request. Select the protocols to include.
    “All others” means any protocol not listed above this option.
    Note: When the HTTPS Proxy is enabled, only Decryption Policies apply to HTTPS transactions. You cannot define policy membership by the HTTPS protocol for Access, Routing, Outbound Malware Scanning, Data Security, or External DLP Policies.

Proxy Ports
    Choose whether or not to define policy group membership by the proxy port used to access the Web Proxy. Enter one or more port numbers in the Proxy Ports field. Separate multiple ports with commas.
    For explicit forward connections, this is the port configured in the browser. For transparent connections, this is the same as the destination port. You might want to define policy group membership on the proxy port if you have one set of clients configured to explicitly forward requests on one port, and another set of clients configured to explicitly forward requests on a different port.
    Cisco recommends only defining policy group membership by the proxy port when the appliance is deployed in explicit forward mode, or when clients explicitly forward requests to the appliance. If you define policy group membership by the proxy port when client requests are transparently redirected to the appliance, some requests might be denied.
    Note: If the Identity associated with this policy group defines Identity membership by this advanced setting, the setting is not configurable at the non-Identity policy group level.
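
The ordering and membership rules above can be checked offline before a policy table is entered. The following is an added example, not code from Cisco or from this guide: it assumes the table is evaluated from the top with the first matching group applied, and that a group matches when the Identity and every configured advanced option match. The dictionary fields and sample groups are hypothetical and constructed for illustration.

```python
import re

NAME_OK = re.compile(r"[A-Za-z0-9 ]+")  # the Note under Step 3

def _covers(a, b):
    # None = option not used for membership, so it matches everything.
    return a is None or (b is not None and set(b) <= set(a))

def shadowed_by(earlier, later):
    """True if every request that matches `later` already matches `earlier`."""
    return (set(later["identities"]) <= set(earlier["identities"])
            and _covers(earlier["protocols"], later["protocols"])
            and _covers(earlier["ports"], later["ports"]))

def audit(policies, https_proxy_enabled, deployment):
    """Audit an ordered routing policy table; returns a list of findings."""
    findings, seen = [], set()
    for i, p in enumerate(policies):
        name = p["name"]
        if not NAME_OK.fullmatch(name):
            findings.append(f"{name}: name may contain only alphanumerics and spaces")
        if name in seen:
            findings.append(f"{name}: name is not unique")
        seen.add(name)
        if https_proxy_enabled and "HTTPS" in (p["protocols"] or []):
            findings.append(f"{name}: HTTPS membership is not valid with the HTTPS Proxy enabled")
        if p["ports"] and deployment != "explicit":
            findings.append(f"{name}: proxy-port membership outside explicit forward mode")
        for q in policies[:i]:
            if shadowed_by(q, p):
                findings.append(f"{name}: never matches, shadowed by {q['name']}")
                break
    return findings

# Constructed sample table, top row evaluated first (assumed first-match order).
SAMPLE = [
    {"name": "Finance upstream", "identities": ["Finance"], "protocols": None, "ports": None},
    {"name": "Finance 8080", "identities": ["Finance"], "protocols": ["HTTP"], "ports": [8080]},
    {"name": "Kiosk_web", "identities": ["Kiosk"], "protocols": ["HTTP", "HTTPS"], "ports": None},
]

if __name__ == "__main__":
    for line in audit(SAMPLE, https_proxy_enabled=True, deployment="transparent"):
        print(line)
```

Placing the narrower "Finance 8080" group above "Finance upstream" clears the shadowing finding, which is the ordering decision made in Step 4.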