Cisco Cisco Web Security Appliance S670 User Guide

Policy group membership. Define how to group users that belong to the 
policy group. For user defined policy groups, you can group by different 
properties, such as client IP address, authentication group or user name, or 
URL category. The properties you can define for a policy depends on the 
policy type.

Click the policy group name to edit the group membership requirements, such 
as client IP address and authentication requirements. A page is displayed 
where you can configure membership requirements.

For global policies, you can only define the membership requirements for 
the global Identity group and not for the global Access, Decryption, or 
Routing groups. Global Access, Decryption, and Routing groups always 
match all Identities.

For more information about policy group membership, see 

Policy group control settings. Define how users in the group can use the 
Internet. The control settings you can define depend on the policy type. For 
example, for Routing Policies, you define from which proxy group to fetch 
the content, and for Access Policies, you can use the Web Security appliance 
features, such as Web Reputation, anti-malware scanning, and more to 
determine whether or not to allow the client request.

Click the link in the policy group row under the control setting you want to 
configure, such as URL Categories or Routing Destination. When you click a 
link in the table, a page is displayed where you can configure settings for that 
policy group.

For more information on configuring control settings for each policy type, see 
the following sections: