Cisco Cisco Content Security Management Appliance M390 Guía Del Usuario
8-10
Cisco IronPort AsyncOS 8.0 for Security Management User Guide
Chapter 8 Managing Web Security Appliances
The only challenge with this method is if you have a default policy or Identity that differs between sites.
For example, if you have a policy set for “default allow with auth” at one site and a “default deny” at
another. At this point you will need to create per-appliance Identities and policies just above the default;
essentially creating your own “default” policy.
For example, if you have a policy set for “default allow with auth” at one site and a “default deny” at
another. At this point you will need to create per-appliance Identities and policies just above the default;
essentially creating your own “default” policy.
Ensuring that Features are Enabled Consistently
Before you publish a Configuration Master, you should ensure that it will publish and that the intended
features will be enabled and configured as you expect them to be after publishing.
features will be enabled and configured as you expect them to be after publishing.
To do this, do both of the following:
•
•
Note
If multiple Web Security appliances with different features enabled are assigned to the same
Configuration Master, you should publish to each appliance separately, and perform these procedures
before each publish.
Configuration Master, you should publish to each appliance separately, and perform these procedures
before each publish.
Comparing Enabled Features
Verify that the features enabled on each Web Security appliance match the features enabled for the
Configuration Master associated with that appliance.
Configuration Master associated with that appliance.
Note
If multiple Web Security appliances with different features enabled are assigned to the same
Configuration Master, you should publish to each appliance separately, and perform this check before
each publish.
Configuration Master, you should publish to each appliance separately, and perform this check before
each publish.
To verify enabled features for a Web Security appliance:
Procedure
Step 1
On the Security Management appliance, choose Web > Utilities > Web Appliance Status.
Step 2
Click the name of a Web Security appliance to which you will publish a Configuration Master.
Step 3
Scroll to the Security Services table.
Step 4
Verify that the Feature Keys for all enabled features are active and not expired.
Step 5
Compare the settings in the Services columns:
The Web Appliance Service column and the Is Service Displayed on Management Appliance?
column should be consistent.
column should be consistent.
•
Enabled = Yes
•
Disabled and Not Configured = No or Disabled.
•
N/A = Not Applicable. For example, the option may not be configurable using a Configuration
Master, but is listed so that you can see the Feature Key status.
Master, but is listed so that you can see the Feature Key status.
Configuration mismatches will appear in red text.
Step 6
If the enabled/disabled settings for a feature do not match, do one of the following: