Cisco Cisco ScanSafe Web Security Livre blanc
Cisco CWS
– ASA 5500 Deployment Guide
8
Test
Deploy
Prepare
Reference video:
Step 1:
Verify that you are currently using the Cloud Web Security Service by browsing to
The website should generate the output below:
authUserName: CISCO\user
authenticated: true
companyName: Cisco
connectorGuid: ABC012345AB
connectorVersion: AP_ASA-x.x(x)
countryCode: US
externalIp: 12.34.56.78
groupNames: []
internalIp: 1.2.3.4
logicalTowerNumber: 1782
staticGroupNames:
- CISCO\Group
userName: CISCO\user
authenticated: true
companyName: Cisco
connectorGuid: ABC012345AB
connectorVersion: AP_ASA-x.x(x)
countryCode: US
externalIp: 12.34.56.78
groupNames: []
internalIp: 1.2.3.4
logicalTowerNumber: 1782
staticGroupNames:
- CISCO\Group
userName: CISCO\user
*Note: To demonstrate source whitelisting, we will configure the ACLs used to redirect traffic to Cloud
Web Security Service to exempt the subnet our test machine is on.
Web Security Service to exempt the subnet our test machine is on.
Step 2:
The subnet used for this lab is 192.168.159.0/24. Create an object for the subnet and name
it SUBNET_159.
Figure 2.8
*Note: In a real life scenario, there may be additional subnets or hosts that would need to be excluded
from Cloud Web Security filtering.
from Cloud Web Security filtering.
Step 3:
Create a group that will include the object SUBNET_159, and call it SOURCE_WHITELIST.