Cisco Cisco Web Security Appliance S660 Mode D'Emploi
9-14
AsyncOS 8.5 for Cisco Web Security Appliances User Guide
Chapter 9 Create Policies to Control Internet Requests
Time Ranges and Quotas
Step 6
Choose a Time Of Day option:
Tip
Each time range includes the start time and excludes the end time. For example, entering 8:00 through
17:00 matches 8:00:00 through 16:59:59, but not 17:00:00. Midnight must be specified as 00:00 for a
start time, and as 24:00 for an end time.
17:00 matches 8:00:00 through 16:59:59, but not 17:00:00. Midnight must be specified as 00:00 for a
start time, and as 24:00 for an end time.
Step 7
Submit and commit your changes.
Next Steps
•
Navigate to the relevant policy or quota and select the time range you just created.
Time and Volume Quotas
Apply time and volume quotas to access policies and decryption policies to restrict a user’s connection
time or data volume (also referred to as a “bandwidth quota”). Quotas allow individual users to continue
accessing an Internet resource (or a class of Internet resources) until they exhaust the data volume or
time limit imposed. AsyncOS enforces defined quotas on HTTP, HTTPS and FTP traffic.
time or data volume (also referred to as a “bandwidth quota”). Quotas allow individual users to continue
accessing an Internet resource (or a class of Internet resources) until they exhaust the data volume or
time limit imposed. AsyncOS enforces defined quotas on HTTP, HTTPS and FTP traffic.
As a user approaches either their time or volume quota, AsyncOS displays first a warning, and then a
block page.
block page.
Please note the following regarding use of time and volume quotas:
•
If AsyncOS is deployed in transparent mode and HTTPS proxy is disabled, there is no listening on
port 443, and requests are dropped. This is standard behavior. If AsyncOS is deployed in explicit
mode, you can set quotas in your access policies.
port 443, and requests are dropped. This is standard behavior. If AsyncOS is deployed in explicit
mode, you can set quotas in your access policies.
When HTTPS proxy is enabled, possible actions on a request are pass-through, decrypt, drop, or
monitor. Overall, quotas in decryption policies are applicable only to the pass-through categories.
monitor. Overall, quotas in decryption policies are applicable only to the pass-through categories.
With pass-through, you will also have the option to set quotas for tunnel traffic. With decrypt, this
option is not available, as the quotas configured in the access policy will be applied to decrypted traffic.
option is not available, as the quotas configured in the access policy will be applied to decrypted traffic.
•
If URL Filtering is disabled or if its feature key is unavailable, AsyncOS cannot identify the category
of a URL, and the Access Policy -> URL Filtering page is disabled. Thus, the feature key needs to
be present, and Acceptable Use Policies enabled, to configure quotas..
of a URL, and the Access Policy -> URL Filtering page is disabled. Thus, the feature key needs to
be present, and Acceptable Use Policies enabled, to configure quotas..
•
Many websites such as Facebook and Gmail auto-update at frequent intervals. If such a website is
left open in an unused browser window or tab, it will continue to consume the user’s quota of time
and volume.
left open in an unused browser window or tab, it will continue to consume the user’s quota of time
and volume.
•
A proxy restart will cause quotas to be reset, potentially allowing much more access than planned.
A proxy restart may occur because of a configuration change, a crash, a machine reboot, and so on.
Some confusion is possible, as administrators are not explicitly informed about proxy restarts.
A proxy restart may occur because of a configuration change, a crash, a machine reboot, and so on.
Some confusion is possible, as administrators are not explicitly informed about proxy restarts.
Table 9-2
Option
Description
All Day
Use the full 24-hour period.
From / To
Define a specific hourly range. Enter a start and end time in HH:MM (24 hour
format).
format).