Cisco Systems and the ASA Services Module Manual De Usuario
25-10
Cisco ASA Series Firewall CLI Configuration Guide
Chapter 25 Configuring the ASA for Cisco Cloud Web Security
Configuring Cisco Cloud Web Security
Note
You must configure a route pointing to the Scansafe towers in both; the admin context and the specific
context. This ensures that the Scansafe tower does not become unreachable in the Active/Active failover
scenario.
context. This ensures that the Scansafe tower does not become unreachable in the Active/Active failover
scenario.
The following sample configuration enables Cloud Web Security in context one with the default license
and in context two with the license key override:
and in context two with the license key override:
! System Context
!
scansafe general-options
server primary ip 180.24.0.62 port 8080
retry-count 5
license 366C1D3F5CE67D33D3E9ACEC265261E5
!
context one
allocate-interface GigabitEthernet0/0.1
allocate-interface GigabitEthernet0/1.1
allocate-interface GigabitEthernet0/3.1
scansafe
config-url disk0:/one_ctx.cfg
!
context two
allocate-interface GigabitEthernet0/0.2
allocate-interface GigabitEthernet0/1.2
allocate-interface GigabitEthernet0/3.2
scansafe license 366C1D3F5CE67D33D3E9ACEC26789534
config-url disk0:/two_ctx.cfg
!
Configuring a Service Policy to Send Traffic to Cloud Web Security
See
for more
information about service policy rules.
Prerequisites
(Optional) If you need to use a whitelist to exempt some traffic from being sent to Cloud Web Security,
first create the whitelist according to the
first create the whitelist according to the
so you can refer to the whitelist in your service policy rule.