Cisco Cisco Web Security Appliance S160 Guía Del Usuario
13-16
Cisco IronPort AsyncOS 7.7 for Web User Guide
Chapter 13 Data Security and External DLP Policies
Controlling Upload Requests Using External DLP Policies
Step 5
You can test the connection between the Web Security appliance and the defined external DLP server(s)
by clicking Start Test.
by clicking Start Test.
Step 6
Submit and commit your changes.
Controlling Upload Requests Using External DLP Policies
Each upload request is assigned to an External DLP Policy group and inherits the control settings of that
policy group. The control settings of the External DLP Policy group determine whether or not to send
the upload request to the external DLP system for scanning.
policy group. The control settings of the External DLP Policy group determine whether or not to send
the upload request to the external DLP system for scanning.
Once the Web Proxy receives the upload request headers, it has all the information necessary to decide
if the request should go to the external DLP system for scanning. The DLP system scans the request and
returns a verdict to the Web Proxy, either block or monitor (evaluate the request against the Access
Policies). The block page provided by the DLP system appears to the end user, if applicable.
if the request should go to the external DLP system for scanning. The DLP system scans the request and
returns a verdict to the Web Proxy, either block or monitor (evaluate the request against the Access
Policies). The block page provided by the DLP system appears to the end user, if applicable.
Note
If any Data Security Policy group applies to the upload request, the Web Proxy evaluates the policy
group’s control settings against the upload request at the same time the external DLP system scans the
request. If a Data Security Policy setting blocks the request before the DLP system is done scanning, the
Web Proxy blocks the request and terminates the ICAP session with the DLP system.
group’s control settings against the upload request at the same time the external DLP system scans the
request. If a Data Security Policy setting blocks the request before the DLP system is done scanning, the
Web Proxy blocks the request and terminates the ICAP session with the DLP system.
Configure control settings for External DLP Policy groups on the Web Security Manager > External Data
Loss Prevention page.
Loss Prevention page.
shows where you can configure control settings for the External DLP Policy groups.
Figure 13-7
Creating External DLP Policies
Step 1
Navigate to the Web Security Manager > External Data Loss Prevention page.
Step 2
Click the link under the Destinations column for the policy group you want to configure.
Step 3
Under the Edit Destination Settings section, choose “Define Destinations Scanning Custom Settings”
from the drop down menu if it is not selected already.
from the drop down menu if it is not selected already.