Cisco Cisco Web Security Appliance S170 Guía Del Usuario
2-2
AsyncOS 9.2 for Cisco Web Security Appliances User Guide
Chapter 2 Hybrid Web Security Mode
WSA Functionality Not Available in Hybrid Mode
•
Supported anti-malware scanning services are not the same on both platforms; they will remain
independent. The WSA provides an option to choose scanning services, and at least one must
be enabled.
independent. The WSA provides an option to choose scanning services, and at least one must
be enabled.
•
In Hybrid mode, the WSA does not support the following items; these will not be downloaded:
–
Any rule assigned the Authenticate or Warn action. (Warn was supported in an earlier version
of Hybrid mode for URL categories; this is no longer the case.)
of Hybrid mode for URL categories; this is no longer the case.)
–
Outbound filters. Any rule using a filter that contains any Keyword, Outbound File Type,
Preconfigured ID, or Regular Expression. Inbound Extensions are also not supported.
Preconfigured ID, or Regular Expression. Inbound Extensions are also not supported.
–
Whitelisting sets of domains and URLS to bypass Sypware/Web Reputation scanning at the
global level is not supported.
global level is not supported.
–
Anonymize. Any CWS rule that has the action set to Anonymize.
–
SearchAhead
–
WSA does not incorporate the concept of delegated administration. CWS will send the merged
policy configuration.
policy configuration.
WSA Functionality Not Available in Hybrid Mode
The following WSA features are not available in Hybrid mode:
•
Time and Volume Quotas
•
External DLP
•
SaaS Polices
•
L4TM
•
Upstream Proxy support
•
ISE integration
•
Range Requests
•
Native FTP & SOCKS protocol support
•
SNMP
•
HTTPS rules assigned the Drop action
Pre-configuration Requirements
•
For compatibility with Cloud Web Security policies, when operating in Web Hybrid mode at
least one anti-malware scanning engine (McAfee, Sophos, or Webroot) must be licensed and
available. Ensure the valid license(s) or feature key(s) are available in order to complete set-up in
Web Hybrid mode.
least one anti-malware scanning engine (McAfee, Sophos, or Webroot) must be licensed and
available. Ensure the valid license(s) or feature key(s) are available in order to complete set-up in
Web Hybrid mode.
•
Both CWS and WSA require a Certificate Authority-signed certificate to authenticate and secure
communications between them. You must generate this certificate externally and upload the
certificate and its key to both Cisco ScanCenter and the Cisco WSA. See
communications between them. You must generate this certificate externally and upload the
certificate and its key to both Cisco ScanCenter and the Cisco WSA. See