Cisco Cisco Web Security Appliance S690 User Guide
Chapter 11 Outbound Malware Scanning
Creating Outbound Malware Scanning Policies
11-8
Cisco IronPort AsyncOS 7.0 for Web User Guide
OL-23079-01
describes the advanced options you can configure for Outbound
Malware Scanning Policy groups.
Table 11-1
Outbound Malware Scanning Policy Group Advanced Options
Advanced Option
Description
Protocols
Choose whether or not to define policy group membership
by the protocol used in the client request. Select the
protocols to include.
by the protocol used in the client request. Select the
protocols to include.
“All others” means any protocol not listed above this option.
Note: When the HTTPS Proxy is enabled, only Decryption
Policies apply to HTTPS transactions. You cannot define
policy membership by the HTTPS protocol for Access,
Routing, Outbound Malware Scanning, Data Security, or
External DLP Policies.
Policies apply to HTTPS transactions. You cannot define
policy membership by the HTTPS protocol for Access,
Routing, Outbound Malware Scanning, Data Security, or
External DLP Policies.
Proxy Ports
Choose whether or not to define policy group membership
by the proxy port used to access the Web Proxy. Enter one or
more port numbers in the Proxy Ports field. Separate
multiple ports with commas.
by the proxy port used to access the Web Proxy. Enter one or
more port numbers in the Proxy Ports field. Separate
multiple ports with commas.
For explicit forward connections, this is the port configured
in the browser. For transparent connections, this is the same
as the destination port. You might want to define policy
group membership on the proxy port if you have one set of
clients configured to explicitly forward requests on one port,
and another set of clients configured to explicitly forward
requests on a different port.
in the browser. For transparent connections, this is the same
as the destination port. You might want to define policy
group membership on the proxy port if you have one set of
clients configured to explicitly forward requests on one port,
and another set of clients configured to explicitly forward
requests on a different port.
Cisco recommends defining policy group membership by the
proxy port only when the appliance is deployed in explicit
forward mode, or when clients explicitly forward requests to
the appliance. If you define policy group membership by the
proxy port when client requests are transparently redirected
to the appliance, some requests might be denied.
proxy port only when the appliance is deployed in explicit
forward mode, or when clients explicitly forward requests to
the appliance. If you define policy group membership by the
proxy port when client requests are transparently redirected
to the appliance, some requests might be denied.
Note: If the Identity associated with this policy group
defines Identity membership by this advanced setting, the
setting is not configurable at the non-Identity policy group
level.
defines Identity membership by this advanced setting, the
setting is not configurable at the non-Identity policy group
level.