Cisco Cisco Web Security Appliance S170 Guía Del Usuario
12-7
Cisco IronPort AsyncOS 7.1 for Web User Guide
OL-23207-01
Chapter 12 Data Security and External DLP Policies
Evaluating Data Security and External DLP Policy Group Membership
Evaluating Data Security and External DLP Policy
Group Membership
Group Membership
Each client request is assigned to an Identity and then is evaluated against the
other policy types to determine which policy group it belongs for each type. The
Web Proxy evaluates upload requests against the Data Security and External DLP
Policies.
other policy types to determine which policy group it belongs for each type. The
Web Proxy evaluates upload requests against the Data Security and External DLP
Policies.
The Web Proxy applies the configured policy control settings to a client request
based on the client request’s policy group membership.
based on the client request’s policy group membership.
To determine the policy group that a client request matches, the Web Proxy
follows a specific process for matching the group membership criteria. During
this process, it considers the following factors for group membership:
follows a specific process for matching the group membership criteria. During
this process, it considers the following factors for group membership:
•
Identity. Each client request either matches an Identity, fails authentication
and is granted guest access, or fails authentication and gets terminated. For
more information about evaluating Identity group membership, see
and is granted guest access, or fails authentication and gets terminated. For
more information about evaluating Identity group membership, see
.
•
Authorized users. If the assigned Identity requires authentication, the user
must be in the list of authorized users in the Data Security or External DLP
Policy group to match the policy group. The list of authorized users can be
any of the specified groups or users or can be guest users if the Identity allows
guest access.
must be in the list of authorized users in the Data Security or External DLP
Policy group to match the policy group. The list of authorized users can be
any of the specified groups or users or can be guest users if the Identity allows
guest access.
•
Advanced options. You can configure several advanced options for Data
Security and External DLP Policy group membership. Some options (such as
proxy port and URL category) can also be defined within the Identity. When
an advanced option is configured in the Identity, it is not configurable in the
Data Security or External DLP Policy group level.
Security and External DLP Policy group membership. Some options (such as
proxy port and URL category) can also be defined within the Identity. When
an advanced option is configured in the Identity, it is not configurable in the
Data Security or External DLP Policy group level.
The information in this section gives an overview of how the Web Proxy matches
upload requests to both Data Security and External DLP Policy groups. For more
details about exactly how the Web Proxy matches client requests, see
upload requests to both Data Security and External DLP Policy groups. For more
details about exactly how the Web Proxy matches client requests, see
The Web Proxy sequentially reads through each policy group in the policies table.
It compares the upload request status to the membership criteria of the first policy
group. If they match, the Web Proxy applies the policy settings of that policy
group.
It compares the upload request status to the membership criteria of the first policy
group. If they match, the Web Proxy applies the policy settings of that policy
group.