Cisco Web Security Appliance S660 User Guide
AsyncOS 8.5 for Cisco Web Security Appliances User Guide
Chapter 9 Create Policies to Control Internet Requests
Policies
Each policy type uses a policy table to store and manage its policies. Each policy table comes with a
predefined, global policy, which maintains default actions for a policy type. Additional, user-defined
policies are created and added to the policy table as required. Policies are processed in the order in which
they are listed in the policy table.
Individual policies define the request types they manage and the actions they perform on those requests.
Each policy has two main parts:
1. Criteria. The criteria used to identify the requests to which the policy applies. One or more criteria
can be specified in a policy, and all must match for the criteria to be met. The criteria are
• Protocols. Protocols allow the transfer of data between various networking devices, such as HTTP,
HTTPS, FTP, etc.
• Subnet. The logical grouping of connected network devices (such as geographic location or Local
Area Network [LAN]) where the request originated.
• Proxy Port. The numbered port by which the request accesses the web proxy.
• Limiting Access by Time of Day. Time ranges can be created for use in policies to identify or apply
actions to web requests based on the time or day the requests were made. The time ranges are created
as individual units.
• URL Categories. URL categories are predefined or custom categories of websites, such as News,
Business, Social Media, etc. These can be used to identify or apply actions to web requests.
• User Agents. These are the client applications (such as the web browsers Firefox or Chrome) used to
make requests. You can define policy criteria based on user agents, and you can specify control
settings based on user agents. You can also exempt user agents from authentication, which is useful
for applications that cannot prompt for credentials. You can define custom client applications but
cannot reuse these definitions in other policies.
Note: When you define multiple membership criteria, the client request must meet all criteria to match the
policy.
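The evaluation rules described above, modelled as an added Python example (not code from the guide or from AsyncOS). It assumes the first matching policy in table order is the one applied; the Policy class, the substring user-agent match, and all sample values are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from datetime import time
from typing import Optional

@dataclass(frozen=True)
class Policy:
    """One row of a policy table. A criterion left as None is not set and matches any request."""
    name: str
    protocols: Optional[frozenset] = None
    subnet: Optional[str] = None
    proxy_port: Optional[int] = None
    time_range: Optional[tuple] = None        # (start, end) as datetime.time
    url_categories: Optional[frozenset] = None
    user_agent: Optional[str] = None          # substring match: a simplification

    def matches(self, req: dict) -> bool:
        # Every criterion that is set must match (logical AND).
        return all((
            self.protocols is None or req["protocol"] in self.protocols,
            self.subnet is None
            or ipaddress.ip_address(req["client_ip"]) in ipaddress.ip_network(self.subnet),
            self.proxy_port is None or req["proxy_port"] == self.proxy_port,
            self.time_range is None
            or self.time_range[0] <= req["time"] <= self.time_range[1],
            self.url_categories is None or req["url_category"] in self.url_categories,
            self.user_agent is None or self.user_agent in req["user_agent"],
        ))

GLOBAL = Policy("Global Policy")  # no criteria set, so it matches every request

def evaluate(table: list, req: dict) -> str:
    """Walk the table top to bottom; assumption: the first matching policy is applied."""
    for policy in table + [GLOBAL]:
        if policy.matches(req):
            return policy.name

# Constructed sample data (not from the guide).
office_hours = Policy("Office hours social media", subnet="10.1.0.0/16",
                      time_range=(time(9, 0), time(17, 0)),
                      url_categories=frozenset({"Social Media"}))
all_lan = Policy("All LAN users", subnet="10.0.0.0/8")
request = {"protocol": "https", "client_ip": "10.1.4.20", "proxy_port": 3128,
           "time": time(10, 30), "url_category": "Social Media",
           "user_agent": "Mozilla/5.0 Firefox/115.0"}

if __name__ == "__main__":
    print(evaluate([office_hours, all_lan], request))  # narrow policy listed first
    print(evaluate([all_lan, office_hours], request))  # broad policy listed first
```

With the broad policy listed first, the narrower policy below it is never reached for this request, which is the ordering effect to check for when reviewing a policy table.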
Policy Type | Request Type | Description | Link to task
Outbound Malware Scanning | HTTP, Decrypted HTTPS, FTP | Block, monitor, or allow requests to upload data that may contain malicious data. Prevent malware that is already present on your network from being transmitted to external networks. |
Routing | HTTP, HTTPS, FTP | Direct web traffic through upstream proxies or direct it to destination servers. You might want to redirect traffic through upstream proxies to preserve your existing network design, to off-load processing from the Web Security appliance, or to leverage additional functionality provided by 3rd-party proxy systems. If multiple upstream proxies are available, the Web Security appliance can use load balancing techniques to distribute data to them. |