Cisco Cisco Web Security Appliance S690 User Guide
10-8
AsyncOS 9.0.1 for Cisco Web Security Appliances User Guide
Chapter 10 Create Policies to Control Internet Requests
Policy Configuration
Adding and Editing Secure Group Tags for a Policy
To change the list of Secure Group Tags (SGTs) assigned to a particular Identification Profile in a policy,
click the link following the ISE Secure Group Tags label in the Selected Groups and Users list on the
Add/Edit Policy page. (See
click the link following the ISE Secure Group Tags label in the Selected Groups and Users list on the
Add/Edit Policy page. (See
.) This link is either “No tags entered,” or it is a
list of currently assigned tags. The link opens the Add/Edit Secure Group Tags page.
All SGTs currently assigned to this policy are listed in the Authorized Secure Group Tags section. All
SGTs available from the connected ISE server are listed in the Secure Group Tag Search section.
SGTs available from the connected ISE server are listed in the Secure Group Tag Search section.
Step 1
To add one or more SGTs to the Authorized Secure Group Tags list, select the desired entries in the
Secure Group Tag Search section, and then click Add.
Secure Group Tag Search section, and then click Add.
The SGTs already added, are highlighted in green. To quickly find a specific SGT in the list of those
available, enter a text string in the Search field.
available, enter a text string in the Search field.
Step 2
To remove one or more SGTs from the Authorized Secure Group Tags list, select those entries and then
click Delete.
click Delete.
Step 3
Click Done to return to the Add/Edit Group page.
Related Topics
•
•
Policy Configuration
Each row in a table of policies represents a policy definition, and each column displays current contains
a link to a configuration page for that element of the policy.
a link to a configuration page for that element of the policy.
Note
Of the following policy-configuration components, you can specify the “Warn” option only with
URL Filtering.
URL Filtering.
Option
Description
Protocols and
User Agents
User Agents
Used to control policy access to protocols and configure blocking for particular
client applications, such as instant messaging clients, web browsers, and Internet
phone services. You can also configure the appliance to tunnel HTTP CONNECT
requests on specific ports. With tunneling enabled, the appliance passes HTTP
traffic through specified ports without evaluating it.
client applications, such as instant messaging clients, web browsers, and Internet
phone services. You can also configure the appliance to tunnel HTTP CONNECT
requests on specific ports. With tunneling enabled, the appliance passes HTTP
traffic through specified ports without evaluating it.
URL Filtering
AsyncOS for Web allows you to configure how the appliance handles a
transaction based on the URL category of a particular HTTP or HTTPS request.
Using a predefined category list, you can choose to block, monitor, warn, or set
quota-based or time-based filters.
transaction based on the URL category of a particular HTTP or HTTPS request.
Using a predefined category list, you can choose to block, monitor, warn, or set
quota-based or time-based filters.
You can also create custom URL categories and then choose to block, redirect,
allow, monitor, warn, or apply quota-based or time-based filters for Websites in
the custom categories. See
allow, monitor, warn, or apply quota-based or time-based filters for Websites in
the custom categories. See
for information about creating custom URL categories.