Cisco Cisco Content Security Management Appliance M160 Guía Del Usuario
9-14
AsyncOS 8.3.6 for Cisco Content Security Management User Guide
Chapter 9 Managing Web Security Appliances
Publishing Configurations to Web Security Appliances
•
•
•
Before You Publish a Configuration Master
Publishing a Configuration Master overwrites existing policy information on the Web Security
appliances associated to that Configuration Master.
appliances associated to that Configuration Master.
For information about which settings you can configure using a Configuration Master, see
.
All Publishing Jobs
•
The AsyncOS version on the target Web Security appliance must be the same as or newer than the
Configuration Master version. For specific requirements, see the
Configuration Master version. For specific requirements, see the
•
(First time only) You must follow the procedures in
.
•
To ensure that the Configuration Master will publish and that the intended set of features will be
enabled after publishing, verify the feature sets of each Web Security appliance and the associated
Configuration Master and make any needed changes. See
enabled after publishing, verify the feature sets of each Web Security appliance and the associated
Configuration Master and make any needed changes. See
and if necessary,
If different features are enabled on different Web Security appliances assigned to the same
Configuration Master, you must publish to each appliance separately, and verify and enable features
before each publish.
Configuration Master, you must publish to each appliance separately, and verify and enable features
before each publish.
•
Save a configuration file from each target Web Security appliance so that you can restore the existing
configuration in case of problems with the published configuration. See the AsyncOS for Cisco Web
Security Appliances User Guide for details.
configuration in case of problems with the published configuration. See the AsyncOS for Cisco Web
Security Appliances User Guide for details.
•
Any change that would cause a Web proxy restart when committed on the Web Security appliance
will also cause a proxy restart when you publish it from the Security Management appliance. You
will receive a warning in these situations.
will also cause a proxy restart when you publish it from the Security Management appliance. You
will receive a warning in these situations.
Proxy restarts may also occur on publish if a change requiring proxy restart has been made on the
Web Security appliance. For example, if new groups are added on the Web Security appliance to a
group authentication configuration for an access policy, the web proxy will restart the next time the
configuration master is published. You will not receive warnings about proxy restarts in these cases.
Web Security appliance. For example, if new groups are added on the Web Security appliance to a
group authentication configuration for an access policy, the web proxy will restart the next time the
configuration master is published. You will not receive warnings about proxy restarts in these cases.
Web Proxy restarts temporarily interrupt web security services. For information about the effects of
restarting the web proxy, see the “Checking for Web Proxy Restart on Commit” section in the
AsyncOS for Cisco Web Security Appliances User Guide.
restarting the web proxy, see the “Checking for Web Proxy Restart on Commit” section in the
AsyncOS for Cisco Web Security Appliances User Guide.
•
When you publish any change to an Identity, all end-users must re-authenticate.
Special Situations
•
If you have reverted AsyncOS on the target Web Security appliance, you may need to associate a
different Configuration Master with that appliance.
different Configuration Master with that appliance.
•
If you publish a Configuration Master to a Web Security appliance that does not have a realm
configured with Transparent User Identification enabled, but you have selected Transparent User
Identification in an Identity or SaaS Policy:
configured with Transparent User Identification enabled, but you have selected Transparent User
Identification in an Identity or SaaS Policy: