Cisco Cisco Web Security Appliance S160 Notas de publicación
4
Release Notes for Cisco IronPort AsyncOS 7.5.0 for Web
What’s New in Cisco IronPort AsyncOS 7.5 for Web
FIPS Compliance AsyncOS for Web 7.5 provides support for the FIPS-compliant version of the Cisco
IronPort S670 Web Security appliance.
The Federal Information Processing Standard (FIPS) 140 is a publicly announced
standard developed jointly by the United States and Canadian federal governments
specifying requirements for cryptographic modules that are used by all government
agencies to protect sensitive but unclassified information. The Cisco IronPort S670
Web Security appliance is now offered in a configuration that complies with the
FIPS 140-2 Level 2 standard. This standard specifies additional protections for
information used in cryptographic operations, including the use of a
tamper-resistant hardware keystore for private keys.
standard developed jointly by the United States and Canadian federal governments
specifying requirements for cryptographic modules that are used by all government
agencies to protect sensitive but unclassified information. The Cisco IronPort S670
Web Security appliance is now offered in a configuration that complies with the
FIPS 140-2 Level 2 standard. This standard specifies additional protections for
information used in cryptographic operations, including the use of a
tamper-resistant hardware keystore for private keys.
The FIPS version of the S670 includes a Hardware Security Module (HSM). The
HSM provides cryptographic processing for the appliance as well as storage for
private keys. All cryptographic operations take place within the secure environment
of the HSM.
HSM provides cryptographic processing for the appliance as well as storage for
private keys. All cryptographic operations take place within the secure environment
of the HSM.
AsyncOS for Web 7.5 provides support for using the HSM for all cryptographic
operations performed by the appliance. It also provides a FIPS management
console to allow an administrator to configure the HSM for use in a clustered
environment and manage certificates and private keys.
operations performed by the appliance. It also provides a FIPS management
console to allow an administrator to configure the HSM for use in a clustered
environment and manage certificates and private keys.
For more information, see the “FIPS Management” chapter of the Cisco IronPort
AsyncOS for Web User Guide.
AsyncOS for Web User Guide.
Identifying
Clients by IP
Address in the
XFF Header
Clients by IP
Address in the
XFF Header
In AsyncOS for Web 7.5, when the appliance has been deployed as an upstream
proxy, you identify clients using the IP address specified in the X-Forwarded-For
header instead of the IP address from the downstream proxy.
proxy, you identify clients using the IP address specified in the X-Forwarded-For
header instead of the IP address from the downstream proxy.
Use the “Use Received Headers” section when you configure the Web Proxy or the
advancedproxyconfig > miscellaneous
CLI command.
For more information, see the “Configuring the Web Proxy” section in the “Web
Proxy Services” chapter of the Cisco IronPort AsyncOS for Web User Guide.
Proxy Services” chapter of the Cisco IronPort AsyncOS for Web User Guide.
[Defect ID: 74303]
AsyncOS
Upgrades
Notification
Upgrades
Notification
AsyncOS for Web 7.5 displays a message at the top of the web interface notifying
you when an upgrade to AsyncOS is available for the appliance. AsyncOS displays
this notification for any administrator logged into the appliance.
you when an upgrade to AsyncOS is available for the appliance. AsyncOS displays
this notification for any administrator logged into the appliance.
Hover over the notification with your mouse cursor to view the number of upgrades
available for the appliance and the version and build number of the latest available
upgrade. You can choose to dismiss the message and the appliance will not display
another notification until a new upgrade becomes available.
available for the appliance and the version and build number of the latest available
upgrade. You can choose to dismiss the message and the appliance will not display
another notification until a new upgrade becomes available.
For more information, see the “Available Upgrade Notifications” section in the
“System Administration” chapter of the Cisco IronPort AsyncOS for Web User
Guide.
“System Administration” chapter of the Cisco IronPort AsyncOS for Web User
Guide.
[Defect ID: 74267]
Table 1
New Features for AsyncOS 7.5 for Web (continued)
Feature
Description