Cisco Cisco Web Security Appliance S690 User Guide
16-6
AsyncOS 9.1.1 for Cisco Web Security Appliances User Guide
Chapter 16 Prevent Loss of Sensitive Data
Creating Data Security and External DLP Policies
Step 7
To define policy group membership by any of the advanced options, click the link for the advanced
option and configure the option on the page that appears.
option and configure the option on the page that appears.
Advanced Option
Description
Protocols
Choose whether or not to define policy group membership by the protocol used
in the client request. Select the protocols to include.
in the client request. Select the protocols to include.
“All others” means any protocol not listed above this option.
Note
When the HTTPS Proxy is enabled, only Decryption Policies apply to
HTTPS transactions. You cannot define policy membership by the
HTTPS protocol for Access, Routing, Outbound Malware Scanning, Data
Security, or External DLP Policies.
HTTPS transactions. You cannot define policy membership by the
HTTPS protocol for Access, Routing, Outbound Malware Scanning, Data
Security, or External DLP Policies.
Proxy Ports
Choose whether or not to define policy group membership by the proxy port used
to access the Web Proxy. Enter one or more port numbers in the Proxy Ports field.
Separate multiple ports with commas.
to access the Web Proxy. Enter one or more port numbers in the Proxy Ports field.
Separate multiple ports with commas.
For explicit forward connections, this is the port configured in the browser. For
transparent connections, this is the same as the destination port. You might want
to define policy group membership on the proxy port if you have one set of clients
configured to explicitly forward requests on one port, and another set of clients
configured to explicitly forward requests on a different port.
transparent connections, this is the same as the destination port. You might want
to define policy group membership on the proxy port if you have one set of clients
configured to explicitly forward requests on one port, and another set of clients
configured to explicitly forward requests on a different port.
Cisco recommends only defining policy group membership by the proxy port
when the appliance is deployed in explicit forward mode, or when clients
explicitly forward requests to the appliance. If you define policy group
membership by the proxy port when client requests are transparently redirected
to the appliance, some requests might be denied.
when the appliance is deployed in explicit forward mode, or when clients
explicitly forward requests to the appliance. If you define policy group
membership by the proxy port when client requests are transparently redirected
to the appliance, some requests might be denied.
Note
If the Identity associated with this policy group defines Identity
membership by this advanced setting, the setting is not configurable at the
non-Identity policy group level.
membership by this advanced setting, the setting is not configurable at the
non-Identity policy group level.
Subnets
Choose whether or not to define policy group membership by subnet or other
addresses.
addresses.
You can choose to use the addresses that may be defined with the associated
Identification Profile, or you can enter specific addresses here.
Identification Profile, or you can enter specific addresses here.
Note
If the Identification Profile associated with this policy group defines its
membership by addresses, then in this policy group you must enter
addresses that are a subset of the addresses defined in the Identification
Profile. Adding addresses in the policy group further narrows down the
list of transactions that match this policy group.
membership by addresses, then in this policy group you must enter
addresses that are a subset of the addresses defined in the Identification
Profile. Adding addresses in the policy group further narrows down the
list of transactions that match this policy group.
URL Categories
Choose whether or not to define policy group membership by URL categories.
Select the user defined or predefined URL categories.
Select the user defined or predefined URL categories.
Note
If the Identity associated with this policy group defines Identity
membership by this advanced setting, the setting is not configurable at the
non-Identity policy group level.
membership by this advanced setting, the setting is not configurable at the
non-Identity policy group level.