Cisco Cisco Web Security Appliance S170 Guía Del Usuario
8-3
Cisco IronPort AsyncOS 7.5.7 for Web User Guide
Chapter 8 Working with Policies
Policy Types
All other policies you create must specify an Identity.
Configure Identities on the Web Security Manager > Identities page. For more information about
Identities, see
Identities, see
Decryption Policies
Decryption Policies determine whether or not an HTTPS connection should be decrypted, passed
through, or dropped. They address the question, “to decrypt or not to decrypt?”
through, or dropped. They address the question, “to decrypt or not to decrypt?”
The appliance uses Decryption Policies to evaluate HTTPS requests. The Decryption Policy group that
applies to an HTTPS request determines whether the appliance drops the connection, passes it through
without decryption, or decrypts the connection and subsequently evaluate the decrypted request and
response against the defined Access Policy groups.
applies to an HTTPS request determines whether the appliance drops the connection, passes it through
without decryption, or decrypts the connection and subsequently evaluate the decrypted request and
response against the defined Access Policy groups.
Configure Decryption Policy groups on the Web Security Manager > Decryption Policies page. For more
information about Decryption Policy groups, see
information about Decryption Policy groups, see
Routing Policies
Routing Policies determine to where to pass the client request, either to another proxy or to the
destination server. They address the question, “from where to fetch content?”
destination server. They address the question, “from where to fetch content?”
You can use this policy type to select a group of upstream proxies configured for load balancing or
failover.
failover.
Configure Routing Policies on the Web Security Manager > Routing Policies page. For more information
about Routing Policies, see
about Routing Policies, see
.
Access Policies
Access Policies determine whether to allow or block HTTP and decrypted HTTPS transactions. They
address the question, “to allow or block the transaction?”
address the question, “to allow or block the transaction?”
Access Policies determine how the appliance controls access to services, applications, and objects on the
web for HTTP and decrypted HTTPS requests. The appliance uses Access Policies to evaluate and scan
HTTP requests and HTTPS requests designated for decryption.
web for HTTP and decrypted HTTPS requests. The appliance uses Access Policies to evaluate and scan
HTTP requests and HTTPS requests designated for decryption.
Configure Access Policy groups on the Web Security Manager > Access Policies page. For more
information about Access Policy groups, see
information about Access Policy groups, see
.
Cisco IronPort Data Security Policies
Cisco IronPort Data Security Policies determine whether or not to block a request to upload data using
logic defined on the Web Security appliance. They address the question, “to block the upload of data?”
logic defined on the Web Security appliance. They address the question, “to block the upload of data?”
The Web Proxy uses Cisco IronPort Data Security Policies to evaluate and scan HTTP requests and
decrypted HTTPS requests that have any data in the request body.
decrypted HTTPS requests that have any data in the request body.
Configure Data Security Policy groups on the Web Security Manager > Cisco IronPort Data Security
page. For more information about Data Security Policy groups, see
page. For more information about Data Security Policy groups, see