Cisco Cisco Web Security Appliance S360 Guía Del Usuario
7-3
Cisco IronPort AsyncOS 7.1 for Web User Guide
OL-23207-01
Chapter 7 Identities
Evaluating Identity Group Membership
•
Protocol. The protocol used in the transaction, either HTTP/HTTPS or native
FTP.
FTP.
•
Port. The proxy port of the request must be in the Identity group’s list of
ports, if any are listed. For explicit forward connections, this is the port
configured in the browser. For transparent connections, this is the same as the
destination port.
ports, if any are listed. For explicit forward connections, this is the port
configured in the browser. For transparent connections, this is the same as the
destination port.
You might want to define Identity group membership on the proxy port if you
have one set of clients configured to explicitly forward requests on one port,
and another set of clients configured to explicitly forward requests on a
different port.
have one set of clients configured to explicitly forward requests on one port,
and another set of clients configured to explicitly forward requests on a
different port.
Note
Cisco recommends only defining Identity group membership by the proxy
port when the appliance is deployed in explicit forward mode, or when
clients explicitly forward requests to the appliance. When you define
Identity group membership by the proxy port when clients requests get
transparently redirected to the appliance, some requests might be
erroneously denied.
port when the appliance is deployed in explicit forward mode, or when
clients explicitly forward requests to the appliance. When you define
Identity group membership by the proxy port when clients requests get
transparently redirected to the appliance, some requests might be
erroneously denied.
•
User agent. The user agent making the request must be in the Identity group’s
list of user agents, if any are listed. You might want to group by user agent for
user agents that cannot handle authentication and you want to create an
Identity that does not require authentication.
list of user agents, if any are listed. You might want to group by user agent for
user agents that cannot handle authentication and you want to create an
Identity that does not require authentication.
•
URL category. The URL category of the request URL must be in the Identity
group’s list of URL categories, if any are listed. You might want to group by
URL destination category if you create different authentication groups based
on URL categories and want to apply them to users depending on the website
categorization.
group’s list of URL categories, if any are listed. You might want to group by
URL destination category if you create different authentication groups based
on URL categories and want to apply them to users depending on the website
categorization.
•
Authentication requirements. If the Identity group requires authentication,
the client authentication credentials must match the Identity group’s
authentication requirements. For more information about how authentication
works with Identity groups, see
the client authentication credentials must match the Identity group’s
authentication requirements. For more information about how authentication
works with Identity groups, see
The information in this section gives an overview of how the appliance matches
client requests to Identity groups. For more details on exactly how the appliance
matches client requests, see
client requests to Identity groups. For more details on exactly how the appliance
matches client requests, see
.