Cisco Web Security Appliance S170 User Guide
Cisco AsyncOS 8.0.6 for Web User Guide
Chapter 9 Create Policies to Control Internet Requests
Policies
2. Actions. The actions a policy will apply to requests that match its membership criteria. Actions are
typically to block or allow requests, but other actions, such as to scan or redirect requests, are also
possible, depending on the policy type.
Criteria must be specified when creating user-defined policies, but actions are inherited from global
policies until explicitly defined. Most global policies are permissive by default, which means they allow
all requests. The SOCKS global policy, however, blocks all traffic by default.
Identities. Identities are used in policy membership criteria and are particularly important as they
contain many options for identifying web transactions. They also share many properties with policies.
Identities are created as individual units.
Policy Order
The order in which policies are listed in a policy table determines the priority with which they are applied
to web requests. Web requests are checked against policies beginning at the top of the table and ending
at the first policy matched. Any policies below that point in the table are not processed.
If no user-defined policy is matched against a web request, then the global policy for that policy type is
applied. Global policies are always positioned last in policy tables and cannot be reordered.
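The first-match rule and action inheritance described above, modeled as an added example (not Cisco code and not how the appliance is implemented). Policy names, request fields and sample requests are constructed; the model shows how a broad policy listed above a narrower one keeps the narrower one from ever being applied.

```python
from dataclasses import dataclass
from typing import Callable, Optional

@dataclass
class Policy:
    name: str
    matches: Callable[[dict], bool]  # membership criteria
    action: Optional[str] = None     # None: inherit the global policy's action

def evaluate(table, global_policy, request):
    """Check the table top-down and stop at the first policy matched."""
    for policy in table:
        if policy.matches(request):
            return policy.name, policy.action or global_policy.action
    # No user-defined policy matched: the global policy (always last) applies.
    return global_policy.name, global_policy.action

def never_applied(table, global_policy, samples):
    """User-defined policies that are the first match for none of the samples."""
    hit = {evaluate(table, global_policy, r)[0] for r in samples}
    return [p.name for p in table if p.name not in hit]

# Constructed data. Defaults follow the text: most global policies allow,
# the SOCKS global policy blocks.
GLOBAL_ACCESS = Policy("global-access", lambda r: True, "allow")
GLOBAL_SOCKS = Policy("global-socks", lambda r: True, "block")

TABLE = [
    Policy("all-staff", lambda r: r["group"] in {"staff", "contractors"}),
    Policy("contractors-no-social",
           lambda r: r["group"] == "contractors" and r["category"] == "social",
           "block"),
]
SAMPLES = [
    {"group": "staff", "category": "news"},
    {"group": "contractors", "category": "social"},
    {"group": "guest", "category": "news"},
]

if __name__ == "__main__":
    for req in SAMPLES:
        print(req, "->", evaluate(TABLE, GLOBAL_ACCESS, req))
    print("never applied:", never_applied(TABLE, GLOBAL_ACCESS, SAMPLES))
    print("reordered:", evaluate(TABLE[::-1], GLOBAL_ACCESS, SAMPLES[1]))
    print("SOCKS, no user policies:", evaluate([], GLOBAL_SOCKS, SAMPLES[0]))
```

The `never_applied` result is only as complete as the sample requests fed to it; a policy it reports should be reviewed for ordering, not deleted outright.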
Creating a Policy
Before you begin
• Enable the appropriate proxy:
  – Web Proxy (for HTTP, decrypted HTTPS, and FTP)
  – HTTPS Proxy
  – SOCKS Proxy
• Create associated identities.
• .
• (Encrypted HTTPS only) Upload or generate a Certificate and Key.
• (Data Security only) Enable Cisco Data Security Filters Settings.
• (External DLP only) Define an External DLP server.
• (Routing only) Define the associated upstream proxy on the Web Security appliance.
• (Optional) Create associated client applications.
• (Optional) Create associated time ranges in Limiting Access by Time of Day.
• (Optional) Create associated URL categories.
Step 1 From the Web Security Manager menu, select one of these policy types:
• Access
• Encrypted HTTPS
• Data Security
• External DLP
• Outbound Malware Scanning