Cisco Cisco Web Security Appliance S360 Guía Del Usuario

Descargar
Página de 430
 
9-4
AsyncOS 8.1 for Cisco Web Security User Guide
 
Chapter 9      Create Policies to Control Internet Requests
  Policies
Each policy type uses a policy table to store and manage its policies. Each policy table comes with a 
predefined, global policy, which maintains default actions for a policy type. Additional, user-defined 
policies are created and added to the policy table as required. Policies are processed in the order in which 
they are listed in the policy table.
Individual policies define the request types they manage and the actions they perform on those requests. 
Each policy has two main parts: 
1.
Criteria. The criteria used to identify the requests to which the policy applies. One or more criteria 
can be specified in a policy and all must be match for the criteria to be met. The criteria are 
Protocols. Allow the transfer of data between various networking devices such as http, https, ftp, 
etc.
Subnet. The logical grouping of connected network devices (such as geographic location or Local 
Area Network [LAN]), where the request originated
Proxy Port. the numbered port by which the request accesses the web proxy, 
Limiting Access by Time of Day. Time ranges can be created for use in policies to identify or apply 
actions to web requests based on the time or day the requests were made. The time ranges are created 
as individual units.
URL Categories. URL categories are predefined or custom categories of websites, such as News, 
Business, Social Media, etc. These can be used to identify or apply actions to web requests. 
User Agents. These are the client applications (such as a web browser Firefox or Chrome) used to 
make requests. You can define policy criteria based on user agents, and you can specify control 
settings based on user agents. You can also exempt user agents from authentication, which is useful 
for applications that cannot prompt for credentials. You can define custom client applications but 
cannot reuse these definitions other policies.
Note
When you define multiple membership criteria, the client request must meet all criteria to match the 
policy.
Outbound 
Malware 
Scanning
HTTP
Decrypted HTTPS
FTP
Block, monitor, or allow requests to upload 
data that may contain malicious data. 
Prevent malware that is already present on 
your network from being transmitted to 
external networks. 
Routing
HTTP
HTTPS
FTP
Direct web traffic through upstream proxies 
or direct it to destination servers. You might 
want to redirect traffic through upstream 
proxies to preserve your existing network 
design, to off-load processing from the Web 
Security appliance, or to leverage additional 
functionality provided by 3rd-party proxy 
systems. 
If multiple upstream proxies are available, 
the Web Security appliance can use load 
balancing techniques to distribute data to 
them. 
Policy Type
Request Type
Description
Link to task