Cisco Cisco Web Security Appliance S670 User Guide
12-25
Cisco IronPort AsyncOS 7.0 for Web User Guide
OL-23079-01
Chapter 12 Data Security and External DLP Policies
Controlling Upload Requests Using External DLP Policies
Step 4
Optionally, you can add another DLP server by clicking Add Row and entering
the DLP Server information in the new fields provided.
the DLP Server information in the new fields provided.
Step 5
You can test the connection between the Web Security appliance and the defined
external DLP server(s) by clicking Start Test.
external DLP server(s) by clicking Start Test.
Step 6
Submit and commit your changes.
Controlling Upload Requests Using External DLP
Policies
Policies
Each upload request is assigned to an External DLP Policy group and inherits the
control settings of that policy group. The control settings of the External DLP
Policy group determine whether or not to send the upload request to the external
DLP system for scanning.
control settings of that policy group. The control settings of the External DLP
Policy group determine whether or not to send the upload request to the external
DLP system for scanning.
Once the Web Proxy receives the upload request headers, it has all the information
necessary to decide if the request should go to the external DLP system for
scanning. The DLP system scans the request and returns a verdict to the Web
Proxy, either block or monitor (evaluate the request against the Access Policies).
The block page provided by the DLP system appears to the end user, if applicable.
necessary to decide if the request should go to the external DLP system for
scanning. The DLP system scans the request and returns a verdict to the Web
Proxy, either block or monitor (evaluate the request against the Access Policies).
The block page provided by the DLP system appears to the end user, if applicable.
Maximum
Simultaneous
Connections
Simultaneous
Connections
Specifies the maximum number of simultaneous ICAP
request connections from the Web Security appliance to
each configured external DLP server. The Failure
Handling setting on this page applies to any request
which exceeds this limit.
request connections from the Web Security appliance to
each configured external DLP server. The Failure
Handling setting on this page applies to any request
which exceeds this limit.
Default is 25.
Failure Handling
Choose whether upload requests are blocked or allowed
(passed to Access Policies for evaluation) when the DLP
server fails to provide a timely response.
(passed to Access Policies for evaluation) when the DLP
server fails to provide a timely response.
Default is allow (“Permit all data transfers to proceed
without scanning”).
without scanning”).
Table 12-2
External DLP Server Settings (continued)
Setting
Description