Cisco Cisco Web Security Appliance S370 Guía Del Usuario
Chapter 6 Working with Policies
Working with Policies Overview
6-2
Cisco IronPort AsyncOS 7.1 for Web User Guide
OL-23207-01
•
Guest users on customer-facing machines, such as computers in a company
store, cannot access banking sites, but employees can.
store, cannot access banking sites, but employees can.
•
No users can access gambling sites. Instead, when they try to view a gambling
site, they see a web page that explains the organization’s policies.
site, they see a web page that explains the organization’s policies.
•
All users trying to access a particular site that no longer exists are redirected
to a different site.
to a different site.
•
All users except those in IT are blocked from accessing potential malware
sites, but users in IT can access them for testing purposes, and the
downloaded content is scanned for harmful objects.
sites, but users in IT can access them for testing purposes, and the
downloaded content is scanned for harmful objects.
•
All requests for streaming media are blocked during business hours, but
allowed outside of business hours.
allowed outside of business hours.
•
All requests from a particular user agent, such as a software update program,
are allowed without requiring authentication.
are allowed without requiring authentication.
•
Block uploads of all Excel spreadsheet files greater than 2 MB.
•
Block uploads of data to sites with a bad web reputation.
•
Block uploads of data infected with malware.
To enforce organizational policies, you define different policies in the Web
Security appliance. The appliance uses different types of policies for different
functions. For more information about the types of policies, see
Security appliance. The appliance uses different types of policies for different
functions. For more information about the types of policies, see
When you work with policies, you create policy groups. After you create policy
groups, you can define the control settings for each group. For more information
about working with policy groups, see
groups, you can define the control settings for each group. For more information
about working with policy groups, see
.
After you have created policies, you can figure out which policy groups apply to
a particular client transaction for troubleshooting purposes. For example, you can
find out if user jsmith tries to open a Firefox browser to the URL
http://www.google.com, then which policy groups apply to the transaction. For
more information about tracing policies, see
a particular client transaction for troubleshooting purposes. For example, you can
find out if user jsmith tries to open a Firefox browser to the URL
http://www.google.com, then which policy groups apply to the transaction. For
more information about tracing policies, see
.
Note
The Web Security appliance is permissive by default. That is, requests are allowed
unless specifically blocked in a policy group.
unless specifically blocked in a policy group.