Cisco Cisco Web Security Appliance S370 Guía Del Usuario
28-8
Cisco IronPort AsyncOS 7.7 for Web User Guide
Chapter 28 Common Tasks
Creating Access Policies for Active Directory User Groups
Step 21
Under the “Web Reputation and Anti-Malware Settings” section, choose Define Web Reputation and
Anti-Malware Custom Settings if it is not chosen already.
Anti-Malware Custom Settings if it is not chosen already.
Step 22
Move the left marker to -7.0 to change the score threshold for blocking URLs.
Step 23
Submit and Commit your changes.
Now, when users try to access the website in
, they should be able to access it (instead of seeing
an end-user notification page informing them that it was blocked due to web reputation) as long as the
current score is greater than -7.0 and that no malware was found during scanning.
current score is greater than -7.0 and that no malware was found during scanning.
Where to Find More Information
You can read the following sections for more detailed information on the steps included in this task:
•
•
•
•
Creating Access Policies for Active Directory User Groups
You might want to grant different levels of access control to different users. For example, you might need
to allow marketing users to access partner websites, but block engineering users from accessing partner
sites. When users are authenticated against an authentication server, such as Microsoft Active Directory,
and the authentication server has different user groups defined, you can create different policies for
different user groups.
to allow marketing users to access partner websites, but block engineering users from accessing partner
sites. When users are authenticated against an authentication server, such as Microsoft Active Directory,
and the authentication server has different user groups defined, you can create different policies for
different user groups.
In this task, you will create two Access Policies that apply to users in different Active Directory user
groups. One policy will be for Marketing users and the other for Engineering users.
groups. One policy will be for Marketing users and the other for Engineering users.
This task assumes that an NTLM authentication realm is defined on the Web Security appliance that
references an Active Directory server with configured user groups.
references an Active Directory server with configured user groups.
Step 1
Navigate to the Web Security Manager > Identities page.
Step 2
Click Add Identity.
Step 3
In the Name field, enter a name for this policy, such as
NTLMUsers
.
Step 4
In the Insert Above field, verify this Identity is below all other Identities that do not require
authentication.
authentication.
Step 5
In the Define Members by Authentication section, choose “Require Authentication” from the drop down
menu.
menu.
Step 6
In the Select a Realm or Sequence field, choose the NTLM authentication realm already defined on the
appliance.
appliance.
Step 7
In the Define Members by Protocol section, choose “HTTP/HTTPS Only.” This is because
authentication is not supported with native FTP transactions.
authentication is not supported with native FTP transactions.
Step 8
Use the default values for all other settings, or optionally, change them as needed by your organization.
Step 9
Click Submit.