Cisco Cisco Content Security Management Appliance M1070 Mode D'Emploi
9-14
AsyncOS 8.2 for Cisco Content Security Management User Guide
Chapter 9 Managing Web Security Appliances
–
For Identities, Transparent User Identification is disabled and the Require Authentication
option is selected instead.
option is selected instead.
–
For Saas Policies, the Transparent User Identification option is disabled and the default option
(Always prompt SaaS users for proxy authentication) is selected instead.
(Always prompt SaaS users for proxy authentication) is selected instead.
•
When you publish External DLP policies from a Security Management appliance to multiple Web
Security appliances that are not configured for RSA servers, the Security Management appliance
will send the following publish status warning:
Security appliances that are not configured for RSA servers, the Security Management appliance
will send the following publish status warning:
“The Security Services display settings configured for Configuration Master <version> do not
currently reflect the state of one or more Security Services on Web Appliances associated with
this publish request. The affected appliances are: “<WSA Appliance Names>”. This may
indicate a misconfiguration of the Security Services display settings for this particular
Configuration Master. Go to the Web Appliance Status page for each appliance provides a
detailed view to troubleshooting this issue. Do you want to continue publishing the
configuration now?”
currently reflect the state of one or more Security Services on Web Appliances associated with
this publish request. The affected appliances are: “<WSA Appliance Names>”. This may
indicate a misconfiguration of the Security Services display settings for this particular
Configuration Master. Go to the Web Appliance Status page for each appliance provides a
detailed view to troubleshooting this issue. Do you want to continue publishing the
configuration now?”
If you decide to continue to publish, the Web Security appliance that is not configured for the RSA
servers will receive the External DLP policies, but these policies will be disabled.The Web Security
appliance External DLP page will not show the published policies if External DLP Server is not
configured.
servers will receive the External DLP policies, but these policies will be disabled.The Web Security
appliance External DLP page will not show the published policies if External DLP Server is not
configured.
•
If a Configuration Master has Identities that identify and authenticate users using a realm that uses
the Kerberos scheme, then the following caveats apply:
the Kerberos scheme, then the following caveats apply:
–
Active Directory realms that were created on Web Security appliances before upgrade to
AsyncOS 8.0 for Web do not support the Kerberos authentication scheme.
AsyncOS 8.0 for Web do not support the Kerberos authentication scheme.
–
If you publish Configuration Master 8.0 to a Web Security appliance that has a realm with the
same name but without support for Kerberos, then the following occurs:
same name but without support for Kerberos, then the following occurs:
Publishing a Configuration Master Now
Before You Begin
See important requirements and information in
Procedure
Step 1
On the Security Management appliance, choose Web > Utilities > Publish to Web Appliances.
Step 2
Click Publish Configuration Now.
Step 3
“System-generated job name” is selected by default, or enter a user-defined job name (80 characters or
fewer).
fewer).
Step 4
Select the Configuration Master to publish.
Step 5
Select the Web Security appliances to which you want to publish the Configuration Master. Choose “All
assigned appliances” to publish the configuration to all appliances assigned to the Configuration Master.
assigned appliances” to publish the configuration to all appliances assigned to the Configuration Master.
If the Scheme in the Identity
in the Configuration Master Was:
in the Configuration Master Was:
Then the Scheme in the Identity
on the Web Security Appliance Becomes
on the Web Security Appliance Becomes
Use Kerberos
Use NTLMSSP or Basic
Use Kerberos or NTLMSSP
Use NTLMSSP
Use Kerberos or NTLMSSP or Basic
Use NTLMSSP or Basic