Cisco Cisco Web Security Appliance S690 User Guide

Please be aware of the following requirements and restrictions for AsyncOS 8.7:

AsyncOS 8.7 supports only version 1.3 of the Identity Services Engine.

This release of AsyncOS does not support Connector mode; however, when operating in Connector 
mode, ISE-specific options remain visible and apparently available. To reiterate, Connector mode is 
not supported, and if your system is operating in that mode, you should not upgrade to this release.

ISE integration

AsyncOS can now access additional user-identity information from 
an Identity Services Engine (ISE) version 1.3 server deployed in the 
same network.

SSL configuration

For enhanced security, you can enable and disable SSLv3 for several 
services. Services with SSLv3 disabled will use TLSv1.0.

You can enable and disable SSLv3 for Appliance Management Web User 
Interface, Proxy Services (includes HTTPS Proxy and Credential 
Encryption for Secure Client), Secure LDAP Services (includes 
Authentication, External Authentication, SaaS SSO, and Secure Mobility), 
as well as the Update Service.

Use the Web interface (System Administration > SSL Configuration), or the 
CLI (

sslconfig

).

High Availability 

This release provides a built-in high availability option suitable for 
deployments in which the appliance runs in explicit mode with a proxy. 

For more information, see the “Connect, Install, and Configure” chapterin 
the User Guide.

2048-bit certificates

The key length for SSL certificates generated or processed by the appliance 
is now 2048 bits. 

LDAP authentication

LDAP protocol is now supported for authenticating administrative users of 
the appliance. 

Volume and Time Quotas You can apply time and volume quotas to access policies and decryption 

policies. Quotas allow individual users to continue accessing an Internet 
resource (or a class of Internet resources) until they exhaust the data volume 
or time limit imposed.