Cisco Cisco Web Security Appliance S360 User Guide

When you define multiple membership criteria, the client request must meet all criteria to match 
the policy.

The order in which policies are listed in a policy table determines the priority with which they are applied 
to web requests. Web requests are checked against policies beginning at the top of the table and ending 
at the first policy matched. Any policies below that point in the table are not processed. 

If no user-defined policy is matched against a web request, then the global policy for that policy type is 
applied. Global policies are always positioned last in Policy tables and cannot be re-ordered.

Enable the appropriate proxy:

Web Proxy (for HTTP, decrypted HTTPS, and FTP)

HTTPS Proxy

SOCKS Proxy

Create associated Identification Profiles.

Understand 

(Encrypted HTTPS only) Upload or generate a Certificate and Key.

(Data Security only) Enable Cisco Data Security Filters Settings.

(External DLP only) Define an External DLP server.

(Routing only) Define the associated upstream proxy on the Web Security appliance.

(Optional) Create associated client applications.

(Optional) Create associated time ranges. See 

.

(Optional) Create associated URL categories. See 

.

In the Policy Settings section, use the Enable Identity check box to enable this policy, or to quickly 
disable it without deleting it.

Assign a unique policy Name.

A Description is optional.

From the Insert Above drop-down list, choose where this policy is to appear in the table.

Arrange policies such that, from top to bottom of the table, they are in most-restrictive to 
least-restrictive order. See 

 for more information.

In the Policy Member Definition section, specify how user and group

membership is defined: from the 

Identification Profiles and Users list, choose one of the following: