Cisco Cisco Content Security Management Appliance M160 Guía Del Usuario
9-14
AsyncOS 8.1 for Cisco Content Security Management User Guide
Chapter 9 Managing Web Security Appliances
•
If you publish a Configuration Master to a Web Security appliance that does not have a realm
configured with Transparent User Identification enabled, but you have selected Transparent User
Identification in an Identity or SaaS Policy:
configured with Transparent User Identification enabled, but you have selected Transparent User
Identification in an Identity or SaaS Policy:
–
For Identities, Transparent User Identification is disabled and the Require Authentication
option is selected instead.
option is selected instead.
–
For Saas Policies, the Transparent User Identification option is disabled and the default option
(Always prompt SaaS users for proxy authentication) is selected instead.
(Always prompt SaaS users for proxy authentication) is selected instead.
•
Any change that would cause a Web proxy restart when committed on the Web Security appliance
will also cause a proxy restart when you publish it from the Security Management appliance. You
will receive a warning in these situations.
will also cause a proxy restart when you publish it from the Security Management appliance. You
will receive a warning in these situations.
Proxy restarts may also occur on publish if a change requiring proxy restart has been made on the
Web Security appliance. For example, if new groups are added on the Web Security appliance to a
group authentication configuration for an access policy, the web proxy will restart the next time the
configuration master is published. You will not receive warnings about proxy restarts in these cases.
Web Security appliance. For example, if new groups are added on the Web Security appliance to a
group authentication configuration for an access policy, the web proxy will restart the next time the
configuration master is published. You will not receive warnings about proxy restarts in these cases.
Web Proxy restarts temporarily interrupt web security services. For information about the effects of
restarting the web proxy, see the “Checking for Web Proxy Restart on Commit” section in the Cisco
IronPort for Web Security User Guide.
restarting the web proxy, see the “Checking for Web Proxy Restart on Commit” section in the Cisco
IronPort for Web Security User Guide.
•
When you publish any change to an Identity, all end-users must re-authenticate.
Note
Publishing External DLP policies from a Security Management appliance to multiple Web Security
appliances that are not configured for RSA servers is not an issue. When you try to publish, the Security
Management appliance will send the following publish status warning, “The Security Services display
settings configured for Configuration Master <version> do not currently reflect the state of one or
more Security Services on Web Appliances associated with this publish request. The affected
appliances are: “<WSA Appliance Names>”. This may indicate a misconfiguration of the Security
Services display settings for this particular Configuration Master. Go to the Web Appliance Status
page for each appliance provides a detailed view to troubleshooting this issue. Do you want to
continue publishing the configuration now?”
appliances that are not configured for RSA servers is not an issue. When you try to publish, the Security
Management appliance will send the following publish status warning, “The Security Services display
settings configured for Configuration Master <version> do not currently reflect the state of one or
more Security Services on Web Appliances associated with this publish request. The affected
appliances are: “<WSA Appliance Names>”. This may indicate a misconfiguration of the Security
Services display settings for this particular Configuration Master. Go to the Web Appliance Status
page for each appliance provides a detailed view to troubleshooting this issue. Do you want to
continue publishing the configuration now?”
If you decide to continue to publish, the Web Security appliance that is not configured for the RSA
servers will receive the External DLP policies, but these policies will be disabled.The Web Security
appliance External DLP page will not show the published policies if External DLP Server is not
configured.
If you decide to continue to publish, the Web Security appliance that is not configured for the RSA
servers will receive the External DLP policies, but these policies will be disabled.The Web Security
appliance External DLP page will not show the published policies if External DLP Server is not
configured.
Publishing a Configuration Master Now
Procedure
Step 1
See important requirements and information in
.
Step 2
On the Security Management appliance, choose Web > Utilities > Publish to Web Appliances.
Step 3
Click Publish Configuration Now.
Step 4
“System-generated job name” is selected by default, or enter a user-defined job name (80 characters or
fewer).
fewer).
Step 5
Select the Configuration Master to publish.
Step 6
Select the Web Security appliances to which you want to publish the Configuration Master. Choose “All
assigned appliances” to publish the configuration to all appliances assigned to the Configuration Master.
assigned appliances” to publish the configuration to all appliances assigned to the Configuration Master.