Cisco Cisco Web Security Appliance S160 Guía Del Usuario
Chapter 10 Decryption Policies
Decryption Policies Overview
10-4
Cisco IronPort AsyncOS 7.1 for Web User Guide
OL-23207-01
providers, such as gmail or hotmail. For more information about how the
appliance decrypts HTTPS traffic, see
appliance decrypts HTTPS traffic, see
Note
The actions above are final actions the Web Proxy takes on an HTTPS request.
The “Monitor” action you can configure for Decryption Policies is not a final
action. For more information, see
The “Monitor” action you can configure for Decryption Policies is not a final
action. For more information, see
.
Once the appliance assigns a Decryption Policy to an HTTPS connection request,
it evaluates the request against the policy group’s configured control settings to
determine which action to take. You can configure URL filter and web reputation
settings to determine how to handle HTTPS requests for a particular policy group.
For more information about how the appliance uses Decryption Policy groups to
control HTTPS traffic, see
it evaluates the request against the policy group’s configured control settings to
determine which action to take. You can configure URL filter and web reputation
settings to determine how to handle HTTPS requests for a particular policy group.
For more information about how the appliance uses Decryption Policy groups to
control HTTPS traffic, see
Note
Cisco recommends creating fewer, more general Decryption Policy groups that
apply to all users or fewer, larger groups of users on the network. Then, if you
need to apply more granular control to decrypted HTTPS traffic, use more specific
Access Policy groups. For more information about Access Policy groups, see
apply to all users or fewer, larger groups of users on the network. Then, if you
need to apply more granular control to decrypted HTTPS traffic, use more specific
Access Policy groups. For more information about Access Policy groups, see
For information about creating and using policy groups, see
.
Note
The next two sections contain information about digital cryptography and HTTPS
for reference only.
for reference only.
Personally Identifiable Information Disclosure
If you choose to decrypt an end-user’s HTTPS session, then the Web Security
appliance access logs and reports may contain personally identifiable
information. Cisco recommends that Web Security appliance administrators take
care when handling this sensitive information.
appliance access logs and reports may contain personally identifiable
information. Cisco recommends that Web Security appliance administrators take
care when handling this sensitive information.