Cisco Cisco Email Security Appliance X1050 Guía Del Usuario
33-24
User Guide for AsyncOS 9.8 for Cisco Email Security Appliances
Chapter 33 Distributing Administrative Tasks
Configuring Access to the Email Security Appliance
Step 4
Enter the IP addresses from which users will be allowed to connect to the appliance.
You can enter an IP address, IP address range or CIDR range. Use commas to separate multiple entries.
Step 5
If connecting through a proxy is allowed, enter the following information:
•
The IP addresses of the proxies allowed to connect to the appliance. Use commas to separate
multiple entries.
multiple entries.
•
The name of the origin IP header that the proxy sends to the appliance, which contains the IP
addresses of the remote user’s machine and the proxy servers that forwarded the request. By default,
the name of the header is
addresses of the remote user’s machine and the proxy servers that forwarded the request. By default,
the name of the header is
x-forwarded-for
.
Step 6
Ensure that you have not configured a change that will lock you out of the appliance after you submit
and commit your changes.
and commit your changes.
Step 7
Submit and commit your changes.
Configuring Session Timeouts
•
•
Configuring the Web UI Session Timeout
You can specify how long a user can be logged into the Email Security appliance’s Web UI before
AsyncOS logs the user out due to inactivity. This Web UI session timeout applies to:
AsyncOS logs the user out due to inactivity. This Web UI session timeout applies to:
•
All users, including administrator
•
HTTP and HTTPS sessions
Only Allow Specific Connections
Through Proxy
Through Proxy
This mode allows a user to connect to the appliance through a
reverse proxy if the following conditions are met:
reverse proxy if the following conditions are met:
•
The connecting proxy’s IP address is included in the
access list’s IP Address of Proxy Server field.
access list’s IP Address of Proxy Server field.
•
The proxy includes the
x-forwarded-header
HTTP
header in its connection request.
•
The value of
x-forwarded-header
is not empty.
•
The remote user’s IP address is included in
x-forwarded-header
and it matches the IP addresses, IP
ranges, or CIDR ranges defined for users in the access
list.
list.
Only Allow Specific Connections
Directly or Through Proxy
Directly or Through Proxy
This mode allows users to connect through a reverse proxy or
directly to the appliance if their IP address matches the IP
addresses, IP ranges, or CIDR ranges included in the access
list. The conditions for connecting through a proxy are the
same as in the Only Allow Specific Connections Through
Proxy mode.
directly to the appliance if their IP address matches the IP
addresses, IP ranges, or CIDR ranges included in the access
list. The conditions for connecting through a proxy are the
same as in the Only Allow Specific Connections Through
Proxy mode.
Option Description