Cisco Web Security Appliance S670 User Manual

AsyncOS 9.0.1 for Cisco Web Security Appliances User Guide
 
Appendix B      Command Line Interface
  Web Security Appliance CLI Commands
sslconfig
Commands for use of communications protocols TLS v1.x and SSL v3 with
Appliance Management Web User Interface, Proxy Services (includes
HTTPS Proxy and Credential Encryption for Secure Client), Secure LDAP
Services (includes Authentication, External Authentication, SaaS SSO, and
Secure Mobility), as well as the Update Service.

VERSIONS – View and change the protocols enabled for specific services.

COMPRESS – Enable/disable TLS compression. Disabling is recommended for
best security.

CIPHERS – Add/update cipher suites available to selected protocols.
  The default cipher is DEFAULT:+kEDH; however, this may change based on
  your ECDHE cipher selections.

FALLBACK – Enable/disable the SSL/TLS fall-back option. If enabled,
communications with remote servers will fall back to the lowest configured
protocol following a handshake failure.
  After a protocol version is negotiated between client and server,
  handshake failure is possible because of implementation issues. If this
  option is enabled, the proxy attempts to connect using the lowest version
  of the currently configured TLS/SSL protocols.

  Note: On new AsyncOS 9.x installations, fall-back is disabled by default.
  For upgrades from earlier versions on which the fall-back option exists,
  the current setting is retained; otherwise, when upgrading from a version
  on which the option did not exist, fall-back is enabled by default.

ECDHE – Enable/disable use of ECDHE ciphers for LDAP.
  Additional ECDH ciphers are supported in successive releases; however,
  certain named curves provided with some of the additional ciphers cause
  the appliance to close a connection during secure LDAP authentication
  and HTTPS traffic decryption. See for more information about specifying
  additional ciphers.
  If you experience these issues, use this option to disable or enable
  ECDHE cipher use for either or both features.

status
Displays system status.
supportrequest
Send the support request email to Cisco IronPort Customer Support. This 
includes system information and a copy of the master configuration.
tail
Displays the end of a log file. Command accepts log file name or number 
as parameters.
example.com> tail system_logs
example.com> tail 9
 
tcpservices
Displays information about open TCP/IP services.
techsupport
Provides a temporary connection to allow Cisco IronPort Customer Support 
to access the system and assist in troubleshooting.
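
What the default CIPHERS value DEFAULT:+kEDH quoted under sslconfig selects, as an added example that is not part of the Cisco guide. It assumes the appliance reads the value as an OpenSSL cipher-list string, where +kEDH moves the ephemeral-DH key-exchange suites to the end of the preference order without removing them. The function names are illustrative, and the output reflects the OpenSSL build linked into the local Python, not the appliance.

```python
import ssl

# Assumption: the appliance's CIPHERS value uses OpenSSL cipher-list syntax.
APPLIANCE_DEFAULT = "DEFAULT:+kEDH"  # default quoted in the sslconfig entry


def expand(cipher_string):
    """Return the ordered TLS 1.2-and-earlier suites a cipher string selects.

    TLS 1.3 suites are skipped: OpenSSL configures them separately and
    set_ciphers() does not affect them.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    return [c for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]


def is_dhe(cipher):
    """True for finite-field ephemeral DH key exchange (what kEDH matches)."""
    return cipher["kea"] == "kx-dhe"


def dhe_is_last(cipher_string):
    """True if every kEDH suite sorts after every other selected suite."""
    flags = [is_dhe(c) for c in expand(cipher_string)]
    # False sorts before True, so the list is already sorted only when
    # nothing but DHE suites follows the first DHE suite.
    return flags == sorted(flags)


def compare(before, after):
    """Return (same_membership, order_changed) for two cipher strings."""
    a = [c["name"] for c in expand(before)]
    b = [c["name"] for c in expand(after)]
    return sorted(a) == sorted(b), a != b


if __name__ == "__main__":
    for pos, c in enumerate(expand(APPLIANCE_DEFAULT), 1):
        tag = "  <- moved to end by +kEDH" if is_dhe(c) else ""
        print(f"{pos:3} {c['protocol']:8} {c['name']}{tag}")
    same, changed = compare("DEFAULT", APPLIANCE_DEFAULT)
    print("same suites:", same, "| order changed:", changed)
```

Because +kEDH only reorders, a weak suite present in DEFAULT is still offered; removing it takes an explicit exclusion in the cipher string.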