Cisco Cisco Web Security Appliance S160 User Guide
6-2
AsyncOS 9.0.1 for Cisco Web Security Appliances User Guide
Chapter 6 Classify End-Users and Client Software
Classify Users and Client Software: Best Practices
One policy may call on multiple Identification Profiles:
Classify Users and Client Software: Best Practices
•
Create fewer, more general Identification Profiles that apply to all users or fewer, larger groups of
users. Use policies, rather than profiles, for more granular management.
users. Use policies, rather than profiles, for more granular management.
•
Create Identification Profiles with unique criteria.
•
If deployed in transparent mode, create an Identification Profile for sites that do not support
authentication. See
authentication. See
.
Identification Profile Criteria
These transaction characteristics are available to define an Identification Profile:
This Identification Profile uses an authentication sequence and this
policy applies to one realm in the sequence.
policy applies to one realm in the sequence.
Authentication is not used for this Identification Profile.
This Identification Profile allows guest access and applies to users
who fail authentication.
who fail authentication.
The specified user groups in this Identification Profile are authorized
for this policy.
for this policy.
Option
Description
Subnet
The client subnet must match the list of subnets in a policy.
Protocol
The protocol used in the transaction: HTTP, HTTPS, SOCKS, or native FTP.
Port
The proxy port of the request must be in the Identification Profile’s list of ports, if
any are listed. For explicit forward connections, this is the port configured in the
browser. For transparent connections, this is the same as the destination port.
any are listed. For explicit forward connections, this is the port configured in the
browser. For transparent connections, this is the same as the destination port.