Cisco Cisco Web Security Appliance S670 Mode D'Emploi
12-5
Cisco IronPort AsyncOS 7.7 for Web User Guide
Chapter 12 Outbound Malware Scanning
Creating Outbound Malware Scanning Policies
describes the advanced options you can configure for Outbound Malware Scanning Policy
groups.
Table 12-1
Outbound Malware Scanning Policy Group Advanced Options
Advanced Option
Description
Protocols
Choose whether or not to define policy group membership by the protocol used in
the client request. Select the protocols to include.
the client request. Select the protocols to include.
“All others” means any protocol not listed above this option.
Note: When the HTTPS Proxy is enabled, only Decryption Policies apply to
HTTPS transactions. You cannot define policy membership by the HTTPS protocol
for Access, Routing, Outbound Malware Scanning, Data Security, or External DLP
Policies.
HTTPS transactions. You cannot define policy membership by the HTTPS protocol
for Access, Routing, Outbound Malware Scanning, Data Security, or External DLP
Policies.
Proxy Ports
Choose whether or not to define policy group membership by the proxy port used
to access the Web Proxy. Enter one or more port numbers in the Proxy Ports field.
Separate multiple ports with commas.
to access the Web Proxy. Enter one or more port numbers in the Proxy Ports field.
Separate multiple ports with commas.
For explicit forward connections, this is the port configured in the browser. For
transparent connections, this is the same as the destination port. You might want to
define policy group membership on the proxy port if you have one set of clients
configured to explicitly forward requests on one port, and another set of clients
configured to explicitly forward requests on a different port.
transparent connections, this is the same as the destination port. You might want to
define policy group membership on the proxy port if you have one set of clients
configured to explicitly forward requests on one port, and another set of clients
configured to explicitly forward requests on a different port.
Cisco recommends defining policy group membership by the proxy port only when
the appliance is deployed in explicit forward mode, or when clients explicitly
forward requests to the appliance. If you define policy group membership by the
proxy port when client requests are transparently redirected to the appliance, some
requests might be denied.
the appliance is deployed in explicit forward mode, or when clients explicitly
forward requests to the appliance. If you define policy group membership by the
proxy port when client requests are transparently redirected to the appliance, some
requests might be denied.
Note: If the Identity associated with this policy group defines Identity membership
by this advanced setting, the setting is not configurable at the non-Identity policy
group level.
by this advanced setting, the setting is not configurable at the non-Identity policy
group level.
Subnets
Choose whether or not to define policy group membership by subnet or other
addresses.
addresses.
You can select to use the addresses that may be defined with the associated Identity,
or you can enter specific addresses here.
or you can enter specific addresses here.
Note: If the Identity associated with this policy group defines its membership by
addresses, then in this policy group you must enter addresses that are a subset of
the addresses defined in the Identity. Adding addresses in the policy group further
narrows down the list of transactions that match this policy group.
addresses, then in this policy group you must enter addresses that are a subset of
the addresses defined in the Identity. Adding addresses in the policy group further
narrows down the list of transactions that match this policy group.
URL Categories
Choose whether or not to define policy group membership by URL categories.
Select the user defined or predefined URL categories.
Select the user defined or predefined URL categories.
Note: If the Identity associated with this policy group defines Identity membership
by this advanced setting, the setting is not configurable at the non-Identity policy
group level.
by this advanced setting, the setting is not configurable at the non-Identity policy
group level.