Cisco Cisco Web Security Appliance S390 Mode D'Emploi
3-5
Cisco AsyncOS 8.0.6 for Web User Guide
Chapter 3 Connect the Appliance to a Cloud Web Security Tower
What is Supported in Cloud Connector Mode?
Functionality: Supported and Unsupported Features
Functional Area
Supported
Unsupported
Forwarding Traffic
•
HTTP (transparent and explicit)
•
HTTPS (transparent and forward)
•
HTTPS-HTTP CONNECT
•
Failover using current WSA methods
•
Exceptions (bypass forward to Cloud Web
Security)
Security)
•
Passive FTP to FTP over HTTP
•
Native FTP
•
Encrypt all traffic to Cloud Web Security
tower
tower
•
Restrict SSL to 250 Concurrent Connections
•
SPDY (initiation)
•
IPv6 data in encrypted headers
•
Forward internal client IP's in headers
•
SOCKS proxy support
•
Auto-Tower discovery
•
Hosted exceptions
•
Decrypt Traffic from client to WSA (WREP,
WUC, etc.)
WUC, etc.)
Authentication:
•
Active Directory
•
LDAP
•
NTLM Version 1 and 2
•
Multi-forest NTLM (untrusted realms)
•
Failover between authentication directories
•
Encrypted header information
•
Forward groups (include IF specified)
•
Guest authentication
•
Novell
•
Kerberos
•
Multiple NTLM with trust
•
Enable/disable forward of user/group
•
Include/exclude exact user groups
•
Include primary Active Directory group
information when forwarding
information when forwarding
•
SaaS Access to Cloud Web Security Controls
•
Wildcards for group include/exclude
•
MUS (mobile user security) AnyConnect
Licensing
•
Include license key in headers sent to Cloud
Web Security
Web Security
•
Provision Cloud Web Security license key on
the Web Security Appliance
the Web Security Appliance
•
Specify multiple license keys based on group
or IP address
or IP address
Logs
•
Access Logs
•
Proxy Logs
•
Select which Cloud Web Security response
attributes should be logged
attributes should be logged
•
Automatically log response headers with
Cloud Web Security defined attributes
Cloud Web Security defined attributes