Cisco Cisco Web Security Appliance S160 Guía Del Usuario
6-13
Cisco IronPort AsyncOS 7.0 for Web User Guide
OL-23079-01
Chapter 6 Working with Policies
Working with Time Based Policies
•
Subnet membership criteria defined in the Identity group can be further
narrowed down in the policy group using the Identity group.
narrowed down in the policy group using the Identity group.
•
Advanced membership criteria (proxy ports, URL categories, and user
agents) defined in the Identity group cannot be defined in the policy group
using the Identity group.
agents) defined in the Identity group cannot be defined in the policy group
using the Identity group.
•
Define Identity groups as broadly as possible. Then you can use the Identity
groups in other policy types and further narrow down membership as
necessary.
groups in other policy types and further narrow down membership as
necessary.
•
Define fewer, more generic Decryption and Routing Policies as much as
possible.
possible.
•
If you need to define membership by URL category, only define it in the
Identity group when you need to exempt from authentication requests to that
category. For other purposes, define membership by URL category in the
Access, Decryption, Routing, Data Security, or External DLP Policy group.
This can increase performance in most cases.
Identity group when you need to exempt from authentication requests to that
category. For other purposes, define membership by URL category in the
Access, Decryption, Routing, Data Security, or External DLP Policy group.
This can increase performance in most cases.
Working with Time Based Policies
The Web Security appliance provides the means to create time based policies by
specifying time ranges, such as business hours, and using those time ranges to
define access to the web. You can define policy group membership based on time
ranges, and you can specify actions for URL filtering based on time ranges.
specifying time ranges, such as business hours, and using those time ranges to
define access to the web. You can define policy group membership based on time
ranges, and you can specify actions for URL filtering based on time ranges.
You might want to use time ranges to accomplish the following tasks:
•
You can block access to high bandwidth sites, such as streaming media, or
distracting sites, such as games, during business hours.
distracting sites, such as games, during business hours.
•
You can route transactions to a particular external proxy after midnight when
the other proxies are being serviced.
the other proxies are being serviced.
•
You can allow larger files to be downloaded on the weekends.
Define time ranges on the Web Security Manager > Defined Time Ranges page.
You can create time ranges to define concepts such as “business hours” or
“weekend shift.” Then you can use the time ranges in the following locations:
You can create time ranges to define concepts such as “business hours” or
“weekend shift.” Then you can use the time ranges in the following locations:
•
Policy group membership for a Routing, Access, or Decryption Policy.
•
URL filtering settings for Access Policies.