Cisco Cisco Web Security Appliance S160 Guía Del Usuario
21-4
Cisco IronPort AsyncOS 7.5 for Web User Guide
Chapter 21 L4 Traffic Monitor
Configuring the L4 Traffic Monitor
The Web Security appliance contacts the component update server and updates the L4 Traffic Monitor
anti-malware rules. For more information about the component update server, see
anti-malware rules. For more information about the component update server, see
.
Configuring L4 Traffic Monitor Policies
When the L4 Traffic Monitor is enabled, you can configure how it should manage traffic over the
configured TCP ports. It can perform the following actions on traffic over the TCP ports:
configured TCP ports. It can perform the following actions on traffic over the TCP ports:
•
Allow
•
Monitor
•
Block
For more information about how the L4 Traffic Monitor handles traffic, see
The actions the L4 Traffic Monitor takes depends on the L4 Traffic Monitor policies you configure.
To configure L4 Traffic Monitor policies:
Step 1
Navigate to the Web Security Manager > L4 Traffic Monitor page.
Step 2
Click Edit Settings.
Step 3
On the Edit L4 Traffic Monitor Policies page, configure the L4 Traffic Monitor policies described in
Table 21-1
L4 Traffic Monitor Policies
Property
Description
Allow List
Enter zero or more address to which the L4 Traffic Monitor should always allow
clients to connect.
clients to connect.
Separate multiple entries with a space or comma. For a list of valid address
formats you can use, see
formats you can use, see
Note
Entering a domain name such as example.com also matches
www.example.com and hostname.example.com.
www.example.com and hostname.example.com.
Connections to all destinations in this list are always allowed and the traffic is not
logged. The appliance does not check the destinations against the L4 Traffic
Monitor anti-malware rules or the additional suspected malware addresses listed
on the same page.
logged. The appliance does not check the destinations against the L4 Traffic
Monitor anti-malware rules or the additional suspected malware addresses listed
on the same page.
For example, if IP address 10.1.1.1 appears in both the Allow List and the
Additional Suspected Malware Addresses fields, then the L4 Traffic Monitor
always allows requests for 10.1.1.1.
Additional Suspected Malware Addresses fields, then the L4 Traffic Monitor
always allows requests for 10.1.1.1.
Note
Do not include the Web Security appliance IP address or hostname to the
Allow List otherwise the L4 Traffic Monitor does not block any traffic.
Allow List otherwise the L4 Traffic Monitor does not block any traffic.