Cisco Cisco Web Security Appliance S660 Mode D'Emploi
Chapter 10 Decryption Policies
Creating Decryption Policies
10-32
Cisco IronPort AsyncOS 7.1 for Web User Guide
OL-23207-01
describes the advanced options you can configure for Decryption
Policy groups.
Table 10-2
Decryption Policy Group Advanced Options
Advanced Option
Description
Proxy Ports
Choose whether or not to define policy group membership by
the proxy port used to access the Web Proxy. Enter one or
more port numbers in the Proxy Ports field. Separate
multiple ports with commas.
the proxy port used to access the Web Proxy. Enter one or
more port numbers in the Proxy Ports field. Separate
multiple ports with commas.
For explicit forward connections, this is the port configured
in the browser. For transparent connections, this is the same
as the destination port. You might want to define policy
group membership on the proxy port if you have one set of
clients configured to explicitly forward requests on one port,
and another set of clients configured to explicitly forward
requests on a different port.
in the browser. For transparent connections, this is the same
as the destination port. You might want to define policy
group membership on the proxy port if you have one set of
clients configured to explicitly forward requests on one port,
and another set of clients configured to explicitly forward
requests on a different port.
Cisco recommends only defining policy group membership
by the proxy port when the appliance is deployed in explicit
forward mode, or when clients explicitly forward requests to
the appliance. When you define policy group membership by
the proxy port when clients requests get transparently
redirected to the appliance, some requests might be denied.
by the proxy port when the appliance is deployed in explicit
forward mode, or when clients explicitly forward requests to
the appliance. When you define policy group membership by
the proxy port when clients requests get transparently
redirected to the appliance, some requests might be denied.
Note: If the Identity associated with this policy group
defines Identity membership by this advanced setting, the
setting is not configurable at the non-Identity policy group
level.
defines Identity membership by this advanced setting, the
setting is not configurable at the non-Identity policy group
level.
Subnets
Choose whether or not to define policy group membership by
subnet or other addresses.
subnet or other addresses.
You can choose to use the addresses that may be defined with
the associated Identity, or you can enter specific addresses
here.
the associated Identity, or you can enter specific addresses
here.
Note: If the Identity associated with this policy group
defines its membership by addresses, then in this policy
group you must enter addresses that are a subset of the
Identity’s addresses. Adding addresses in the policy group
further narrows down the list of transactions that match this
policy group.
defines its membership by addresses, then in this policy
group you must enter addresses that are a subset of the
Identity’s addresses. Adding addresses in the policy group
further narrows down the list of transactions that match this
policy group.