Cisco Cisco Web Security Appliance S670 User Guide
26-15
Cisco IronPort AsyncOS 7.7 for Web User Guide
Chapter 26 System Administration
Configuring the Return Address for Generated Messages
•
Restrict administrator access to certain machines.
•
Require stronger SSL ciphers for administrator access.
Configuring Custom Text at Login
Using the
adminaccessconfig > banner
CLI command, you can configure the appliance to display any
text you specify when an administrator tries to logs in. You might want to do this to display a banner that
informs the user of organizational policies and conditions. The custom banner text appears when an
administrator tries to access the appliance through all interfaces, such as the web interface or via FTP.
informs the user of organizational policies and conditions. The custom banner text appears when an
administrator tries to access the appliance through all interfaces, such as the web interface or via FTP.
You can load the custom text by either pasting it into the CLI prompt or by copying it from a file located
on the Web Security appliance. To upload the text from a file, you must first transfer the file to the
configuration directory on the appliance using FTP.
on the Web Security appliance. To upload the text from a file, you must first transfer the file to the
configuration directory on the appliance using FTP.
Configuring IP-Based Administrator Access
Using the
adminaccessconfig > ipaccess
CLI command, you can control from which IP addresses
administrators access the Web Security appliance. Administrators can access the appliance from any
machine or from machines with an IP address from a list you specify.
machine or from machines with an IP address from a list you specify.
When restrict access to an allow list, you can specify IP addresses, subnets, or CIDR addresses.
By default, when you list the addresses that can access the appliance, the IP address of your current
machine is listed as the first address in the allow list. You cannot delete the IP address of your current
machine from the allow list.
machine is listed as the first address in the allow list. You cannot delete the IP address of your current
machine from the allow list.
Configuring the SSL Ciphers for Administrator Access
Using the
adminaccessconfig > strictssl
CLI command, you can configure the appliance so
administrators log into the web interface on port 8443 using stronger SSL ciphers (greater than 56 bit
encryption).
encryption).
When you configure the appliance to require stronger SSL ciphers, the change only applies to
administrators accessing the appliance using HTTPS to manage the appliance. It does not apply to other
network traffic connected to the Web Proxy using HTTPS.
administrators accessing the appliance using HTTPS to manage the appliance. It does not apply to other
network traffic connected to the Web Proxy using HTTPS.
Configuring the Return Address for Generated Messages
You can configure the return address for mail generated by AsyncOS for reports. You can specify the
display, user, and domain names of the return address. You can also choose to use the Virtual Gateway
domain for the domain name.
display, user, and domain names of the return address. You can also choose to use the Virtual Gateway
domain for the domain name.
Configure the return address on the System Administration > Return Addresses page.
Figure 26-7
Configuring Return Addresses