Cisco Cisco Email Security Appliance C160 Mode D'Emploi

Enter the IP addresses from which users will be allowed to connect to the appliance.

You can enter an IP address, IP address range or CIDR range. Use commas to separate multiple entries.

If connecting through a proxy is allowed, enter the following information: 

The IP addresses of the proxies allowed to connect to the appliance. Use commas to separate 
multiple entries.

The name of the origin IP header that the proxy sends to the appliance, which contains the IP 
addresses of the remote user’s machine and the proxy servers that forwarded the request. By default, 
the name of the header is 

x-forwarded-for

.

Ensure that you have not configured a change that will lock you out of the appliance after you submit 
and commit your changes. 

Submit and commit your changes.

You can specify how long a user can be logged into the Email Security appliance’s Web UI before 
AsyncOS logs the user out due to inactivity. This Web UI session timeout applies to:

All users, including administrator

HTTP and HTTPS sessions

This mode allows a user to connect to the appliance through a 
reverse proxy if the following conditions are met:

The connecting proxy’s IP address is included in the 
access list’s IP Address of Proxy Server field.

The proxy includes the 

x-forwarded-header

 HTTP 

header in its connection request.

The value of 

x-forwarded-header

 is not empty.

The remote user’s IP address is included in 

x-forwarded-header

 and it matches the IP addresses, IP 

ranges, or CIDR ranges defined for users in the access 
list.

This mode allows users to connect through a reverse proxy or 
directly to the appliance if their IP address matches the IP 
addresses, IP ranges, or CIDR ranges included in the access 
list. The conditions for connecting through a proxy are the 
same as in the Only Allow Specific Connections Through 
Proxy mode.