Cisco Cisco Web Security Appliance S190 Guía Del Usuario
10-8
AsyncOS 9.0 for Cisco Web Security Appliances User Guide
Chapter 10 Create Policies to Control Internet Requests
Policy Configuration
Adding and Editing Secure Group Tags for a Policy
To change the list of Secure Group Tags (SGTs) assigned to a particular Identification Profile in a policy,
click the link following the ISE Secure Group Tags label in the Selected Groups and Users list on the
Add/Edit Policy page. (See
click the link following the ISE Secure Group Tags label in the Selected Groups and Users list on the
Add/Edit Policy page. (See
.) This link is either “No tags entered,” or it is a
list of currently assigned tags. The link opens the Add/Edit Secure Group Tags page.
All SGTs currently assigned to this policy are listed in the Authorized Secure Group Tags section. All
SGTs available from the connected ISE server are listed in the Secure Group Tag Search section.
SGTs available from the connected ISE server are listed in the Secure Group Tag Search section.
Step 1
To add one or more SGTs to the Authorized Secure Group Tags list, select the desired entries in the
Secure Group Tag Search section, and then click Add.
Secure Group Tag Search section, and then click Add.
The SGTs already added, are highlighted in green. To quickly find a specific SGT in the list of those
available, enter a text string in the Search field.
available, enter a text string in the Search field.
Step 2
To remove one or more SGTs from the Authorized Secure Group Tags list, select those entries and then
click Delete.
click Delete.
Step 3
Click Done to return to the Add/Edit Group page.
Related Topics
•
•
Policy Configuration
Each row in a table of policies represents a policy definition, and each column displays current contains
a link to a specific
a link to a specific
Option
Description
Protocols and User
Agents
Agents
Used to control policy access to protocols and configure blocking for particular
client applications, such as instant messaging clients, web browsers, and Internet
phone services. You can also configure the appliance to tunnel HTTP CONNECT
requests on specific ports. With tunneling enabled, the appliance passes HTTP
traffic through specified ports without evaluating it.
client applications, such as instant messaging clients, web browsers, and Internet
phone services. You can also configure the appliance to tunnel HTTP CONNECT
requests on specific ports. With tunneling enabled, the appliance passes HTTP
traffic through specified ports without evaluating it.
URL Filtering
AsyncOS for Web allows you to configure how the appliance handles a
transaction based on the URL category of a particular HTTP or HTTPS request.
Using a predefined category list, you can choose to monitor, block, warn or set
time-based content by category. You can also create custom URL categories and
choose to allow, monitor, block, warn, redirect or configure time-based traffic for
a website in the custom category.
transaction based on the URL category of a particular HTTP or HTTPS request.
Using a predefined category list, you can choose to monitor, block, warn or set
time-based content by category. You can also create custom URL categories and
choose to allow, monitor, block, warn, redirect or configure time-based traffic for
a website in the custom category.
Applications
The Application Visibility and Control (AVC) engine is an Acceptable Use
policy component that inspects Web traffic to gain deeper understanding and
control of Web traffic used for applications. The appliance allows the Web Proxy
to be configured to block or allow applications by Application Types, and by
individual applications. You can also apply controls to particular application
behaviors, such as file transfers, within a particular application. See
policy component that inspects Web traffic to gain deeper understanding and
control of Web traffic used for applications. The appliance allows the Web Proxy
to be configured to block or allow applications by Application Types, and by
individual applications. You can also apply controls to particular application
behaviors, such as file transfers, within a particular application. See
for configuration information.