Cisco Web Security Appliance S690 User Guide
Cisco IronPort AsyncOS 7.1 for Web User Guide
OL-23207-01
Chapter 21 L4 Traffic Monitor
Configuring the L4 Traffic Monitor
Actions for Suspected Malware Addresses
Choose whether to monitor or block traffic destined for a known malware address. For a definition of known malware address, see
• Monitor. Scans all traffic for domains and IP addresses that match entries in the L4 Traffic Monitor database. The Monitor option does not block suspicious traffic. This setting is useful for identifying infected clients without affecting the user experience.
• Block. Scans all traffic for domains and IP addresses that match entries in the appliance administrative lists and the block list database and then blocks any traffic it finds. This setting is useful for identifying infected clients and stopping malware attempts through non-standard ports.
When you choose to block suspected malware traffic, you can also choose whether or not to always block ambiguous addresses. By default, ambiguous addresses are monitored.
Table 21-1 L4 Traffic Monitor Policies
Property
Description
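The following Python sketch is an added example, not Cisco code or appliance output. It models the Monitor and Block settings described above, including the ambiguous-address option, over constructed sample flows. The address classes, flow tuples and function names are assumptions made for illustration, and how the appliance classifies an address is not modeled.

```python
from collections import defaultdict
from dataclasses import dataclass

# Address classes are inputs to this model (assumed labels, not appliance values).
KNOWN_MALWARE, AMBIGUOUS, UNLISTED = "known_malware", "ambiguous", "unlisted"

@dataclass(frozen=True)
class Policy:
    action: str = "monitor"        # "monitor" or "block"
    block_ambiguous: bool = False  # by default, ambiguous addresses are monitored

def decide(policy, address_class):
    """Return 'allow', 'monitor' or 'block' for one connection."""
    if address_class == UNLISTED:
        return "allow"
    if policy.action == "block" and (
        address_class == KNOWN_MALWARE or policy.block_ambiguous
    ):
        return "block"
    # Monitor mode, or an ambiguous address without "always block": record only.
    return "monitor"

# Constructed sample flows: (client IP, destination IP, port, address class).
SAMPLE_FLOWS = [
    ("10.0.0.5", "198.51.100.7", 6667, KNOWN_MALWARE),
    ("10.0.0.5", "203.0.113.20", 8081, AMBIGUOUS),
    ("10.0.0.9", "192.0.2.44", 443, UNLISTED),
    ("10.0.0.12", "203.0.113.20", 8081, AMBIGUOUS),
]

def evaluate(policy, flows):
    """Apply the policy to each flow; return (verdicts, suspect clients)."""
    verdicts, suspects = [], defaultdict(list)
    for client, dest, port, address_class in flows:
        verdict = decide(policy, address_class)
        verdicts.append(verdict)
        if verdict != "allow":
            # Either setting surfaces the client as a possible infection.
            suspects[client].append((dest, port, verdict))
    return verdicts, dict(suspects)

if __name__ == "__main__":
    for policy in (Policy(), Policy("block"), Policy("block", True)):
        print(policy, *evaluate(policy, SAMPLE_FLOWS), sep="\n  ")
```

In this model the same clients are flagged under every setting; only the disposition of their connections changes.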