Cisco Cisco Web Security Appliance S380 User Guide
15-11
Cisco AsyncOS 8.0.6 for Web User Guide
Chapter 15 Prevent Loss of Sensitive Data
Controlling Upload Requests Using External DLP Policies
Step 4
You can test the connection between the Web Security appliance and the defined external DLP server(s)
by clicking Start Test.
by clicking Start Test.
Step 5
Submit and Commit Changes.
Controlling Upload Requests Using External DLP Policies
Once the Web Proxy receives the upload request headers, it has the information necessary to decide if
the request should go to the external DLP system for scanning. The DLP system scans the request and
returns a verdict to the Web Proxy, either block or monitor (evaluate the request against the Access
Policies).
the request should go to the external DLP system for scanning. The DLP system scans the request and
returns a verdict to the Web Proxy, either block or monitor (evaluate the request against the Access
Policies).
Step 1
Choose Web Security Manager > External Data Loss Prevention.
Step 2
Click the link under the Destinations column for the policy group you want to configure.
Step 3
Under the Edit Destination Settings section, choose “Define Destinations Scanning Custom
Settings”.
Settings”.
Step 4
In the Destination to scan section, choose one of the following options:
•
Do not scan any uploads. No upload requests are sent to the configured DLP system(s) for
scanning. All upload requests are evaluated against the Access Policies.
scanning. All upload requests are evaluated against the Access Policies.
•
Scan all uploads. All upload requests are sent to the configured DLP system(s) for scanning. The
upload request is blocked or evaluated against the Access Policies depending on the DLP system
scanning verdict.
upload request is blocked or evaluated against the Access Policies depending on the DLP system
scanning verdict.
•
Scan uploads to specified custom URL categories only. Upload requests that fall in specific
custom URL categories are sent to the configured DLP system for scanning. The upload request is
blocked or evaluated against the Access Policies depending on the DLP system scanning verdict.
Click Edit custom categories list to select the URL categories to scan.
custom URL categories are sent to the configured DLP system for scanning. The upload request is
blocked or evaluated against the Access Policies depending on the DLP system scanning verdict.
Click Edit custom categories list to select the URL categories to scan.
Step 5
Submit and Commit Changes.
Logging
The access logs indicate whether or not an upload request was scanned by either the Cisco IronPort Data
Security Filters or an external DLP server. The access log entries include a field for the Cisco IronPort
Data Security scan verdict and another field for the External DLP scan verdict based.
Security Filters or an external DLP server. The access log entries include a field for the Cisco IronPort
Data Security scan verdict and another field for the External DLP scan verdict based.
In addition to the access logs, the Web Security appliance provides the following log file types to
troubleshoot Cisco IronPort Data Security and External DLP Policies:
troubleshoot Cisco IronPort Data Security and External DLP Policies:
•
Data Security Logs. Records client history for upload requests that are evaluated by the Cisco
IronPort Data Security Filters.
IronPort Data Security Filters.
•
Data Security Module Logs. Records messages related to the Cisco IronPort Data Security Filters.
•
Default Proxy Logs. In addition recording errors related to the Web Proxy, the default proxy logs
include messages related to connecting to external DLP servers. This allows you to troubleshoot
connectivity or integration problems with external DLP servers.
include messages related to connecting to external DLP servers. This allows you to troubleshoot
connectivity or integration problems with external DLP servers.