Cisco Cisco Web Security Appliance S690 User Guide
C R E A T I N G D A T A S E C U R I T Y A N D E X T E R N A L D L P P O L I C I E S
C H A P T E R 1 1 : D A T A S E C U R I T Y A N D E X T E R N A L D L P P O L I C I E S
221
C R E A T I N G D A T A S E C U R I T Y A N D E X T E R N A L D L P PO L I C I E S
You can create Data Security and External DLP Policy groups based on combinations of
several criteria, such as one or more Identities or the URL category of the destination site. You
must define at least one criterion for policy group membership. When you define multiple
criteria, the upload request must meet all criteria to match the policy group. However, the
upload request needs to match only one of the configured Identities.
several criteria, such as one or more Identities or the URL category of the destination site. You
must define at least one criterion for policy group membership. When you define multiple
criteria, the upload request must meet all criteria to match the policy group. However, the
upload request needs to match only one of the configured Identities.
For more information about how the Web Proxy matches an upload request with a policy
group, see “Evaluating Data Security and External DLP Policy Group Membership” on
page 219 and “Matching Client Requests to Data Security and External DLP Policy Groups”
on page 219.
group, see “Evaluating Data Security and External DLP Policy Group Membership” on
page 219 and “Matching Client Requests to Data Security and External DLP Policy Groups”
on page 219.
Define Data Security Policy group membership on the Web Security Manager > IronPort Data
Security Policies page. Define External DLP Policy group membership on the Web Security
Manager > External DLP Policies page.
Security Policies page. Define External DLP Policy group membership on the Web Security
Manager > External DLP Policies page.
To create a Data Security or External DLP Policy group:
1. Navigate to the Web Security Manager > IronPort Data Security Policies page or the Web
Security Manager > External DLP Policies page.
2. Click Add Policy.
3. In the Policy Name field, enter a name for the policy group, and in the Description field,
optionally add a description.
4. In the Insert Above Policy field, choose where in the policies table to place the policy
group.
When configuring multiple policy groups you must specify a logical order for each group.
Carefully order your policy groups to ensure that correct matching occurs.
Carefully order your policy groups to ensure that correct matching occurs.
5. In the Identities and Users section, choose one or more Identity groups to apply to this
policy group.
For more information on how to do this, see “Configuring Identities in Other Policy
Groups” on page 142.
Groups” on page 142.
6. Optionally, expand the Advanced section to define additional membership requirements.