Cisco Cisco Email Security Appliance C160 Mode D'Emploi
16-5
User Guide for AsyncOS 9.8 for Cisco Email Security Appliances
Chapter 16 Protecting Against Malicious or Undesirable URLs
Setting Up URL Filtering
About the Connection to Cisco Aggregator Server
The Email Security appliance connects to the Cisco Aggregator Server every 30 minutes
(non-configurable), either directly or through a web proxy, using the port specified for URL filtering
services in
(non-configurable), either directly or through a web proxy, using the port specified for URL filtering
services in
Communication is over HTTPS with mutual certificate
authentication. Certificates are updated automatically (see
If an HTTP or HTTPS proxy has been configured on the Security Services > Service Updates page, the
Email Security appliance will use it when communicating with the Cisco Aggregator Server. For more
information about using a proxy server, see
Email Security appliance will use it when communicating with the Cisco Aggregator Server. For more
information about using a proxy server, see
In FIPS mode, communications with the Cisco Aggregator Server uses FIPS ciphers.
Note
Certificates are not saved with a configuration file.
URL Filtering in Cluster Configurations
•
You can enable URL filtering at the machine, group or cluster level.
•
If URL filtering is enabled at machine level, URL whitelists and web interaction tracking can be
configured at machine, group or cluster level.
configured at machine, group or cluster level.
•
If URL filtering is enabled at group level, URL whitelists and web interaction tracking must be
configured at group or cluster level.
configured at group or cluster level.
•
If URL filtering is enabled at cluster level, URL whitelists and web interaction tracking must be
configured at cluster level.
configured at cluster level.
•
The standard rules for clusters for Message Filters and Content Filters apply.
Creating Whitelists for URL Filtering
If you specify a global whitelist when configuring the URL Filtering feature, then URLs on the whitelist
are not evaluated for reputation or category, for anti-spam, Outbreak Filtering, or content and message
filtering. However, the messages that contain these URLs are evaluated as usual by anti-spam scanning
and Outbreak Filters. You can also specify a URL whitelist in each URL Filtering condition (rule) and
action in content and message filters, to supplement the global URL whitelist.
are not evaluated for reputation or category, for anti-spam, Outbreak Filtering, or content and message
filtering. However, the messages that contain these URLs are evaluated as usual by anti-spam scanning
and Outbreak Filters. You can also specify a URL whitelist in each URL Filtering condition (rule) and
action in content and message filters, to supplement the global URL whitelist.
To whitelist URLs from Outbreak Filtering generally, use the Bypass Domain Scanning option that you
configure on the Mail Policies: Outbreak Filters page. URL whitelists for URL filtering are similar to,
but independent of, Bypass Domain Scanning. For more information about that feature, see
configure on the Mail Policies: Outbreak Filters page. URL whitelists for URL filtering are similar to,
but independent of, Bypass Domain Scanning. For more information about that feature, see
There is no relationship between URL filtering whitelists described in this section and the whitelist used
for sender reputation filtering based on SBRS score.
for sender reputation filtering based on SBRS score.
Before You Begin
Consider importing a list of URLs instead of creating one in the web interface. See