Cisco Web Security Appliance S690 User Guide

AsyncOS 8.8 for Cisco Web Security Appliances User Guide
 
Chapter 20      Detecting Rogue Traffic on Non-Standard Ports
  Updating L4 Traffic Monitor Anti-Malware Rules
Ports configured in the “HTTP Ports to Proxy” property on the Security Services > Web Proxy page (usually port 80).
Ports configured in the “Transparent HTTPS Ports to Proxy” property on the Security Services > HTTPS Proxy page (usually port 443).
Step 5  Submit and Commit Changes.
Updating L4 Traffic Monitor Anti-Malware Rules
Step 1  Choose Security Services > L4 Traffic Monitor.
Step 2  Click Update Now.
Creating a Policy to Detect Rogue Traffic
The actions the L4 Traffic Monitor takes depend on the L4 Traffic Monitor policies you configure:
Step 1  Choose Web Security Manager > L4 Traffic Monitor.
Step 2  Click Edit Settings.
Step 3  On the Edit L4 Traffic Monitor Policies page, configure the L4 Traffic Monitor policies:
  a.  Define the Allow List.
  b.  Add known good sites to the Allow List.
      Note: Do not include the Web Security appliance IP address or hostname in the Allow List; otherwise, the L4 Traffic Monitor does not block any traffic.
  c.  Determine which action to perform for Suspected Malware Addresses:

      Action    Description
      Allow     It always allows traffic to and from known allowed and unlisted addresses.
      Monitor   It monitors traffic under the following circumstances:
                - When the Action for Suspected Malware Addresses option is set to Monitor, it always monitors all traffic that is not to or from a known allowed address.
                - When the Action for Suspected Malware Addresses option is set to Block, it monitors traffic to and from ambiguous addresses.
      Block     When the Action for Suspected Malware Addresses option is set to Block, it blocks traffic to and from known malware addresses.