Cisco Cisco Web Security Appliance S690 User Guide
7-3
Cisco IronPort AsyncOS 7.7 for Web User Guide
Chapter 7 Policies
Policy Types
To define policies, you create policy groups. After you create policy groups, you can define the control
settings for each group. For more information about working with policy groups, see
settings for each group. For more information about working with policy groups, see
.
All policy types have a global policy group that maintains default settings and rules that apply to web
transactions not covered by another policy. For more information on global policies, see
transactions not covered by another policy. For more information on global policies, see
.
Identities
An Identity is a policy that identifies the user making a request. This is the only policy where you can
define whether or not authentication is required. An Identity addresses the question, “who are you?”
However, Identities do not specify a list of users who are authorized to access the web. You specify
authorized users in the other policy types after you specify the Identity to use.
define whether or not authentication is required. An Identity addresses the question, “who are you?”
However, Identities do not specify a list of users who are authorized to access the web. You specify
authorized users in the other policy types after you specify the Identity to use.
All other policies you create must specify an Identity.
Configure Identities on the Web Security Manager > Identities page. For more information about
Identities, see
Identities, see
Decryption Policies
Decryption Policies determine whether or not an HTTPS connection should be decrypted, passed
through, or dropped. They address the question, “to decrypt or not to decrypt?”
through, or dropped. They address the question, “to decrypt or not to decrypt?”
The appliance uses Decryption Policies to evaluate HTTPS requests. The Decryption Policy group that
applies to an HTTPS request determines whether the appliance drops the connection, passes it through
without decryption, or decrypts the connection and subsequently evaluate the decrypted request and
response against the defined Access Policy groups.
applies to an HTTPS request determines whether the appliance drops the connection, passes it through
without decryption, or decrypts the connection and subsequently evaluate the decrypted request and
response against the defined Access Policy groups.
Configure Decryption Policy groups on the Web Security Manager > Decryption Policies page. For more
information about Decryption Policy groups, see
information about Decryption Policy groups, see
.
Routing Policies
Routing Policies determine to where to pass the client request, either to another proxy or to the
destination server. They address the question, “from where to fetch content?”
destination server. They address the question, “from where to fetch content?”
You can use this policy type to select a group of upstream proxies configured for load balancing or
failover.
failover.
Configure Routing Policies on the Web Security Manager > Routing Policies page. For more information
about Routing Policies, see
about Routing Policies, see
.
Access Policies
Access Policies determine whether to allow or block HTTP and decrypted HTTPS transactions. They
address the question, “to allow or block the transaction?”
address the question, “to allow or block the transaction?”
Access Policies determine how the appliance controls access to services, applications, and objects on the
web for HTTP and decrypted HTTPS requests. The appliance uses Access Policies to evaluate and scan
HTTP requests and HTTPS requests designated for decryption.
web for HTTP and decrypted HTTPS requests. The appliance uses Access Policies to evaluate and scan
HTTP requests and HTTPS requests designated for decryption.