Cisco Cisco Web Security Appliance S380 Guida Utente

220

I R O N P O R T   A S Y N C O S   6 . 3   F O R   W E B   U S E R   G U I D E  

Figure 11-1 Policy Group Flow Diagram for Data Security and External DLP Policies

Receive request from client.

No

Is the client subnet in the policy group’s list of subnet(s) in the Advanced section?

Yes

Is the transaction assigned to one of the policy group’s configured Identities, or does

the policy group use “All Identities”?

Yes, or none defined

Yes, or none defined

Is the URL category of the request URL in the policy group’s list of URL categories

in the Advanced section?

Yes, or none defined

Is the proxy port in the policy group’s list of ports in the Advanced section?

No

No

No

Compare the client request against the next (or first) policy group in the policies table.

No

Yes

No

Is the current policy group the global policy?

Yes

No

Yes, or none defined

Is the user agent in the policy group’s list of user agents in the Advanced section?

Is the user one of the authorized users listed in the policy group?

(List of authorized users can be a list of user names, user groups, all authenticated

users, guest users, or All Users. If the policy group only uses Identities with no 

authentication, then all clients are authorized.)

No

Is the protocol in the policy group’s list of protocol(s) in the Advanced section?

Yes, or none defined

Apply the Data Security group settings to the upload request.

See Figure 11-3 on page 226 for IronPort Data Security Policies.

page 232 for External DLP Policies.