Cisco Cisco Web Security Appliance S670 User Guide
10-9
AsyncOS 10.0 for Cisco Web Security Appliances User Guide
Chapter 10 Create Policies to Control Internet Requests
Policies
Step 8
Expand the Advanced section to define additional group membership criteria. (This step may be
optional depending on selection in the Policy Member Definition section. Also, some of the following
options will not be available, depending on the type of policy you are configuring.) .
optional depending on selection in the Policy Member Definition section. Also, some of the following
options will not be available, depending on the type of policy you are configuring.) .
Advanced Option
Description
Protocols
Select the protocols to which this policy will apply. All others means any
protocol not selected. If the associated identification profile applies to specific
protocols, this policy applies to those same protocols.
protocol not selected. If the associated identification profile applies to specific
protocols, this policy applies to those same protocols.
Proxy Ports
Applies this policy only to traffic using specific ports to access the web proxy. Enter
one or more port numbers, separating multiple ports with commas.
one or more port numbers, separating multiple ports with commas.
For explicit forward connections, this is the port configured in the browser.
For transparent connections, this is the same as the destination port.
Note
If the associated identification profile applies only to specific proxy
ports, you cannot enter proxy ports here.
ports, you cannot enter proxy ports here.
Subnets
Applies this policy only to traffic on specific subnets. Select Specify subnets and
enter the specific subnets, separated by commas.
enter the specific subnets, separated by commas.
Leave Use subnets from selected Identities selected if you do not want additional
filtering by subnet.
filtering by subnet.
Note
If the associated identity applies to specific subnets, you can further
restrict the application of this policy to a subset of the addresses to which
the identity applies.
restrict the application of this policy to a subset of the addresses to which
the identity applies.
Time Range
You can apply time ranges for policy membership:
•
Time Range – Choose a previously defined time range (
•
Match Time Range – Use this option to indicate whether this time range is
inclusive or exclusive. In other words, whether to match only during the
range specified, or at all times except those in the specified range.
inclusive or exclusive. In other words, whether to match only during the
range specified, or at all times except those in the specified range.
URL Categories
You can restrict policy membership by specific destinations (URLs) and by categories
of URLs. Select all desired custom and predefined categories. See
of URLs. Select all desired custom and predefined categories. See
for information about
custom categories.
User Agents
You can select specific user agents, and define custom agents using regular
expressions, as part of membership definition for this policy.
expressions, as part of membership definition for this policy.
•
Common User Agents
–
Browsers – Expand this section to select various Web browsers.
–
Others – Expand this section to select specific non-browser agents such
as application updaters.
as application updaters.
•
Custom User Agents – You can enter one or more regular expressions, one
per line, to define custom user agents.
per line, to define custom user agents.
•
Match User Agents – Use this option to indicate whether these user-agent
specifications are inclusive or exclusive. In other words, whether membership
definition includes only the selected user agents, or specifically excludes the
selected user agents.
specifications are inclusive or exclusive. In other words, whether membership
definition includes only the selected user agents, or specifically excludes the
selected user agents.