Cisco Cisco Content Security Management Appliance M1070 Mode D'Emploi

When creating an Identity/Identification Profile on the Security Management appliance, you have the 
option of making it apply only to specific appliances. So for example, if you purchase a Security 
Management appliance and want to preserve the existing Web Security appliance configurations and the 
policies that were created for each Web Security appliance, you must load one file into the machine, and 
then add policies from other machines by hand.

One way to accomplish this is to make a set of Identities/Identification Profiles for each appliance, then 
have policies which refer to those Identities/Identification Profiles. When the Security Management 
appliance publishes the configuration, those Identities/Identification Profiles and the policies which 
refer to them will automatically be removed and disabled. Using this method, you do not have to 
configure anything manually. This is essentially a ‘per-appliance’ Identity/Identification Profile.

The only challenge with this method is if you have a default policy or Identity/Identification Profile that 
differs between sites. For example, if you have a policy set for “default allow with auth” at one site and 
a “default deny” at another. At this point you will need to create per-appliance Identities/Identification 
Profiles and policies just above the default; essentially creating your own “default” policy. 

Before you publish a Configuration Master, you should ensure that it will publish and that the intended 
features will be enabled and configured as you expect them to be after publishing. 

To do this, do both of the following: 

If multiple Web Security appliances with different features enabled are assigned to the same 
Configuration Master, you should publish to each appliance separately, and perform these procedures 
before each publish. 

Verify that the features enabled on each Web Security appliance match the features enabled for the 
Configuration Master associated with that appliance. 

Access Policies > Web Reputation 
and Anti-Malware Settings 

Options available on this page depend on whether Adaptive Scanning is enabled for the 
relevant configuration master. Check this setting in Web > Utilities > Security Services 
Display. 

SaaS Policies 

The authentication option “Prompt SaaS users who have been discovered by transparent 
user identification” is available only when a Web Security appliance with an 
authentication realm that supports transparent user identification has been added as a 
managed appliance.