Cisco Cisco Web Security Appliance S670 User Guide
232
I R O N P O R T A S Y N C O S 6 . 3 F O R W E B U S E R G U I D E
C O N T R O L L I N G U P L O A D R E Q U E S T S U S I N G E X T E R N A L D L P PO L I C I E S
Each upload request is assigned to an External DLP Policy group and inherits the control
settings of that policy group. The control settings of the External DLP Policy group determine
whether or not to send the upload request to the external DLP system for scanning.
settings of that policy group. The control settings of the External DLP Policy group determine
whether or not to send the upload request to the external DLP system for scanning.
Once the Web Proxy receives the upload request headers, it has all the information necessary
to decide if the request should go to the external DLP system for scanning. The DLP system
scans the request and returns a verdict to the Web Proxy, either block or monitor (evaluate the
request against the Access Policies). The block page provided by the DLP system is shown to
the end user, if applicable.
to decide if the request should go to the external DLP system for scanning. The DLP system
scans the request and returns a verdict to the Web Proxy, either block or monitor (evaluate the
request against the Access Policies). The block page provided by the DLP system is shown to
the end user, if applicable.
Note — If any Data Security Policy group applies to the upload request, the Web Proxy
evaluates the policy group’s control settings against the upload request at the same time the
external DLP system scans the request. If a Data Security Policy setting blocks the request
before the DLP system is done scanning, the Web Proxy blocks the request and terminates the
ICAP session with the DLP system.
evaluates the policy group’s control settings against the upload request at the same time the
external DLP system scans the request. If a Data Security Policy setting blocks the request
before the DLP system is done scanning, the Web Proxy blocks the request and terminates the
ICAP session with the DLP system.
Configure control settings for External DLP Policy groups on the Web Security Manager >
External DLP Policies page.
External DLP Policies page.
Figure 11-7 shows where you can configure control settings for the External DLP Policy
groups.
groups.
Figure 11-7 Creating External DLP Policies
To configure control settings for an External DLP Policy group:
1. Navigate to the Web Security Manager > External DLP Policies page.
2. Click the link under the Destinations column for the policy group you want to configure.
3. Under the Edit Destination Settings section, choose “Define Destinations Scanning
Custom Settings” from the drop down menu if it is not selected already.