Cisco Cisco Web Security Appliance S670 User Guide

Page of 486
10-7
AsyncOS 10.0 for Cisco Web Security Appliances User Guide
 
Chapter 10      Create Policies to Control Internet Requests
  Policies
Creating a Policy 
Before You Begin
Enable the appropriate proxy:
Web Proxy (for HTTP, decrypted HTTPS, and FTP)
HTTPS Proxy
SOCKS Proxy
Create associated Identification Profiles.
Understand 
(Encrypted HTTPS only) Upload or generate a Certificate and Key.
(Data Security only) Enable Cisco Data Security Filters Settings.
(External DLP only) Define an External DLP server.
(Routing only) Define the associated upstream proxy on the Web Security appliance.
(Optional) Create associated client applications.
(Optional) Create associated time ranges. See 
.
(Optional) Create associated URL categories. See 
.
Step 1
In the Policy Settings section, use the Enable Identity check box to enable this policy, or to quickly 
disable it without deleting it.
Step 2
Assign a unique policy Name.
Step 3
Description is optional.
Step 4
From the Insert Above drop-down list, choose where this policy is to appear in the table.
Note
Arrange policies such that, from top to bottom of the table, they are in most-restrictive to 
least-restrictive order. See 
Step 5
In the Policy Member Definition section, specify how user and group
 
membership is defined: from the 
Identification Profiles and Users list, choose one of the following:
All Identification Profiles – This policy will apply to all existing profiles. You must also define 
at least one Advanced option.
Select One or More Identification Profiles – A table for specifying individual Identification 
Profiles appears, one profile-membership definition per row.
Step 6
If you chose All Identification Profiles:
a.
Specify the authorized users and groups to which this policy applies by selecting one of the 
following options:
All Authenticated Users – All users identified through authentication or transparent identification.
Selected Groups and Users – Specified users and groups are used.