Cisco Cisco Web Security Appliance S390 Guida Utente

 describes the advanced options you can configure for Access Policy 

groups. 

Protocols

Choose whether or not to define policy group membership by 
the protocol used in the client request. Select the protocols 
to include.

“All others” means any protocol not listed above this option.

Note: When the HTTPS Proxy is enabled, only Decryption 
Policies apply to HTTPS transactions. You cannot define 
policy membership by the HTTPS protocol for Access, 
Routing, Outbound Malware Scanning, Data Security, or 
External DLP Policies. 

Proxy Ports

Choose whether or not to define policy group membership by 
the proxy port used to access the Web Proxy. Enter one or 
more port numbers in the Proxy Ports field. Separate 
multiple ports with commas.

For explicit forward connections, this is the port configured 
in the browser. For transparent connections, this is the same 
as the destination port. You might want to define policy 
group membership on the proxy port if you have one set of 
clients configured to explicitly forward requests on one port, 
and another set of clients configured to explicitly forward 
requests on a different port.

Cisco recommends only defining policy group membership 
by the proxy port when the appliance is deployed in explicit 
forward mode, or when clients explicitly forward requests to 
the appliance. If you define policy group membership by the 
proxy port when client requests are transparently redirected 
to the appliance, some requests might be denied.

Note: If the Identity associated with this policy group 
defines Identity membership by this advanced setting, the 
setting is not configurable at the non-Identity policy group 
level.