Cisco Cisco Web Security Appliance S670 User Guide
C R E A T I N G D E C R Y P T I O N P O L I C I E S
C H A P T E R 1 0 : D E C R Y P T I O N P O L I C I E S
203
C R E A T I N G D E C R Y P T I O N PO L I C I E S
You can create Decryption Policy groups based on combinations of several criteria, such as
Identity or the URL category of the destination site. You must define at least one criterion for
policy group membership. When you define multiple criteria, the client request must meet all
criteria to match the policy group.
Identity or the URL category of the destination site. You must define at least one criterion for
policy group membership. When you define multiple criteria, the client request must meet all
criteria to match the policy group.
For more information about how the appliance matches a client request with a policy group,
see “Evaluating Decryption Policy Group Membership” on page 201 and “Matching Client
Requests to Decryption Policy Groups” on page 201.
see “Evaluating Decryption Policy Group Membership” on page 201 and “Matching Client
Requests to Decryption Policy Groups” on page 201.
You define policy group membership on the Web Security Manager > Decryption Policies
page.
page.
To create a Decryption Policy group:
1. Navigate to the Web Security Manager > Decryption Policies page.
2. Click Add Policy.
3. In the Policy Name field, enter a name for the policy group, and in the Description field,
optionally add a description.
4. In the Insert Above Policy field, choose where in the policies table to place the policy
group.
When configuring multiple policy groups you must specify a logical order for each group.
Carefully order your policy groups to ensure that correct matching occurs.
Carefully order your policy groups to ensure that correct matching occurs.
5. In the Identities and Users section, choose one or more Identity groups to apply to this
policy group.
Note — If the Identity requires authentication, then authentication information may not
be available when a user tries to connect to an HTTPS server. For more information on
how HTTPS and authentication work together, see “How Authentication Affects HTTPS
and FTP over HTTP Requests” on page 129.
be available when a user tries to connect to an HTTPS server. For more information on
how HTTPS and authentication work together, see “How Authentication Affects HTTPS
and FTP over HTTP Requests” on page 129.
For more information on how to do this, see “Configuring Identities in Other Policy
Groups” on page 142.
Groups” on page 142.
6. Optionally, expand the Advanced section to define additional membership requirements.