Cisco Cisco Web Security Appliance S670 User Guide

Page of 486
10-5
AsyncOS 10.0 for Cisco Web Security Appliances User Guide
 
Chapter 10      Create Policies to Control Internet Requests
  Policies
Each policy type uses a policy table to store and manage its policies. Each policy table comes with a 
predefined, global policy, which maintains default actions for a policy type. Additional, user-defined 
policies are created and added to the policy table as required. Policies are processed in the order in which 
they are listed in the policy table.
Individual policies define the user-request types they manage, and the actions they perform on those 
requests. Each policy definition has two main sections: 
Identification Profiles and Users – Identification Profiles are used in policy membership criteria 
and are particularly important as they contain many options for identifying web transaction. They 
also share many properties with policies.
Advanced – The criteria used to identify users to which the policy applies. One or more criteria can 
be specified in a policy, and all must be match for the criteria to be met.
Protocols – Allow the transfer of data between various networking devices such as http, https, 
ftp, etc.
Proxy Ports – the numbered port by which the request accesses the web proxy, 
Subnets – The logical grouping of connected network devices (such as geographic location or 
Local Area Network [LAN]), where the request originated
Time Range – Time ranges can be created for use in policies to identify or apply actions to web 
requests based on the time or day the requests were made. The time ranges are created as 
individual units.
URL Categories – URL categories are predefined or custom categories of websites, such as News, 
Business, Social Media, etc. These can be used to identify or apply actions to web requests. 
User Agents – These are the client applications (such as updaters and Web browsers) used to 
make requests. You can define policy criteria based on user agents, and you can specify control 
settings based on user agents. You can also exempt user agents from authentication, which is 
useful for applications that cannot prompt for credentials. You can define custom user agents 
but cannot re-use these definitions other policies.
Outbound 
Malware 
Scanning
HTTP
Decrypted HTTPS
FTP
Block, monitor, or allow requests to upload 
data that may contain malicious data. 
Prevent malware that is already present on 
your network from being transmitted to 
external networks. 
Routing
HTTP
HTTPS
FTP
Direct web traffic through upstream proxies 
or direct it to destination servers. You might 
want to redirect traffic through upstream 
proxies to preserve your existing network 
design, to off-load processing from the Web 
Security appliance, or to leverage additional 
functionality provided by 3rd-party proxy 
systems. 
If multiple upstream proxies are available, 
the Web Security appliance can use load 
balancing techniques to distribute data to 
them. 
Policy Type
Request Type
Description
Link to task