Cisco Systems and the ASA Services Module Manual De Usuario

This chapter includes the following sections:

This section includes the following topics:

When an end user sends an HTTP or HTTPS request, the ASA receives it and optionally retrieves the 
user and/or group information. If the traffic matches an ASA service policy rule for Cloud Web Security, 
then the ASA redirects the request to the Cloud Web Security proxy servers. The ASA acts as an 
intermediary between the end user and the Cloud Web Security proxy server by redirecting the 
connection to the proxy server. The ASA changes the destination IP address and port in the client 
requests and adds Cloud Web Security-specific HTTP headers and then sends the modified request to the 
Cloud Web Security proxy server. The Cloud Web Security HTTP headers include various kinds of 
information, including the username and user group (if available).

User identity can be used to apply policy in Cloud Web Security. User identity is also useful for Cloud 
Web Security reporting. User identity is not required to use Cloud Web Security. There are other methods 
to identify traffic for Cloud Web Security policy.