Cisco Cisco Web Security Appliance S170 Guía Del Usuario
C H A P T E R
2-1
AsyncOS 9.2 for Cisco Web Security Appliances User Guide
2
Hybrid Web Security Mode
•
•
•
•
•
Overview of Hybrid Web Security Mode
Hybrid Web Security mode provides unified cloud and on-premise policy enforcement and threat
defense, using policies defined in Cisco ScanCenter—the administrative portal to Cloud Web
Security—which are automatically downloaded to the Web Security appliance.
defense, using policies defined in Cisco ScanCenter—the administrative portal to Cloud Web
Security—which are automatically downloaded to the Web Security appliance.
Hybrid Web Security provides a subset of the features provided in Standard mode, and use of these is
the same as in Standard mode, except as noted in this documentation. See
the same as in Standard mode, except as noted in this documentation. See
for additional information.
This chapter links to locations within this documentation that provide information about some of the major
features of the Web Security Appliance that are common to both Standard mode and Hybrid Web Security
mode. This chapter includes information about configuring the Hybrid Web Security that is not
applicable in Standard mode.
features of the Web Security Appliance that are common to both Standard mode and Hybrid Web Security
mode. This chapter includes information about configuring the Hybrid Web Security that is not
applicable in Standard mode.
This document does not include information about Cisco Cloud Web Security and ScanCenter. That
documentation is available at
documentation is available at
About Policy Application from Cloud Web Security
Please note these points regarding download, conversion and application of CWS policies/filters/rules to
WSA policies:
WSA policies:
•
Translation of both default and user-defined CWS policies to WSA policies is not a one-to-one
conversion; however, the action that results from application of a particular policy in both
environments is the same. In other words, the Block or Allow decision is always consistent,
regardless of the sequence of rules “fired” in both cases. This allows rule evaluation in the proxy to
be optimized for better performance without compromising consistent behavior.
conversion; however, the action that results from application of a particular policy in both
environments is the same. In other words, the Block or Allow decision is always consistent,
regardless of the sequence of rules “fired” in both cases. This allows rule evaluation in the proxy to
be optimized for better performance without compromising consistent behavior.