Cisco Cisco Web Security Appliance S190 Mode D'Emploi

 shows the order that the Web Proxy uses when evaluating 

control settings for IronPort Data Security Policies. The flow diagram shows that 
the only actions applied to a transaction are the final actions: Block and evaluate 
against the Access Policies.

For more information on the possible Access Policy actions, see 

. For more information on the Monitor action for Access 

Policies, see 

To configure the Web Security appliance to handle upload requests on an external 
DLP system, perform the following tasks:

Define an external DLP system. To pass an upload request to an external DLP 
system for scanning, you must define at least one ICAP-compliant DLP system on 
the Web Security appliance. Do this on the Network > External DLP Servers page. 
For more information, see 

.

Create and configure External DLP Policy groups. After an external DLP 
system is defined, you create and configure External DLP Policy groups to 
determine which upload requests to send to the DLP system for scanning. 

When an upload request matches an External DLP Policy, the Web Proxy sends 
the upload request to the DLP system using the Internet Content Adaptation 
Protocol (ICAP) for scanning. The DLP system scans the request body content 
and returns a block or allow verdict to the Web Proxy. The allow verdict is similar 
to the Allow action for IronPort Data Security Policies in that the upload request 
will be compared to the Access Policies. The final action the Web Proxy takes on 
the request is determined by the applicable Access Policy.

For more information about configuring External DLP Policy groups, see