Cisco Cisco Web Security Appliance S670 User Guide
C R E A T I N G D E C R Y P T I O N P O L I C I E S
C H A P T E R 1 0 : D E C R Y P T I O N P O L I C I E S
205
8. Submit your changes.
9. Configure Decryption Policy group control settings to define how the Web Proxy handles
transactions.
The new policy group automatically inherits global policy group settings until you
configure options for each control setting. For more information, see “Controlling HTTPS
Traffic” on page 207.
configure options for each control setting. For more information, see “Controlling HTTPS
Traffic” on page 207.
Subnets
Choose whether or not to define policy group membership by subnet or
other addresses.
You can choose to use the addresses that may be defined with the
associated Identity, or you can enter specific addresses here.
Note: If the Identity associated with this policy group defines its
membership by addresses, then in this policy group you must enter
addresses that are a subset of the Identity’s addresses. Adding addresses
in the policy group further narrows down the list of transactions that
match this policy group.
other addresses.
You can choose to use the addresses that may be defined with the
associated Identity, or you can enter specific addresses here.
Note: If the Identity associated with this policy group defines its
membership by addresses, then in this policy group you must enter
addresses that are a subset of the Identity’s addresses. Adding addresses
in the policy group further narrows down the list of transactions that
match this policy group.
Time Range
Choose whether or not to define policy group membership by a defined
time range. Choose the time range from the Time Range field and then
choose whether this policy group should apply to the times inside or
outside the selected time range.
For more information on creating time based policies, see “Working
with Time Based Policies” on page 116.
For more information on creating time ranges, see “Creating Time
Ranges” on page 116.
time range. Choose the time range from the Time Range field and then
choose whether this policy group should apply to the times inside or
outside the selected time range.
For more information on creating time based policies, see “Working
with Time Based Policies” on page 116.
For more information on creating time ranges, see “Creating Time
Ranges” on page 116.
URL Categories
Choose whether or not to define policy group membership by URL
categories. Select the user defined or predefined URL categories.
Note: If the Identity associated with this policy group defines Identity
membership by this advanced setting, the setting is not configurable at
the non-Identity policy group level.
categories. Select the user defined or predefined URL categories.
Note: If the Identity associated with this policy group defines Identity
membership by this advanced setting, the setting is not configurable at
the non-Identity policy group level.
User Agents
Choose whether or not to define policy group membership by the user
agent used in the client request. You can select some commonly defined
browsers, or define your own using regular expressions. Choose
whether this policy group should apply to the selected user agents or to
any user agent that is not in the list of selected user agents.
For more information on creating user agent based policies, see
“Working with User Agent Based Policies” on page 118.
Note: If the Identity associated with this policy group defines Identity
membership by this advanced setting, the setting is not configurable at
the non-Identity policy group level.
agent used in the client request. You can select some commonly defined
browsers, or define your own using regular expressions. Choose
whether this policy group should apply to the selected user agents or to
any user agent that is not in the list of selected user agents.
For more information on creating user agent based policies, see
“Working with User Agent Based Policies” on page 118.
Note: If the Identity associated with this policy group defines Identity
membership by this advanced setting, the setting is not configurable at
the non-Identity policy group level.
Table 10-2 Decryption Policy Group Advanced Options (Continued)
Advanced Option
Description