Cisco Cisco Content Security Management Appliance M390 Guida Utente
D-21
Cisco IronPort AsyncOS 7.2.0 for Security Management User Guide
OL-21768-01
Appendix D Examples
With this secnario, you are going to create identities to distinguish users at each
of three locations, then create appropriate access policies for the locations . Next
you need to add the identity of the location to the location’s customized access
policy. When users are tagged to this identity, policies that are part of this identity
will be applied to this set of users. Finally, you will need to create delegated
administrators to maintain the local access policies.
of three locations, then create appropriate access policies for the locations . Next
you need to add the identity of the location to the location’s customized access
policy. When users are tagged to this identity, policies that are part of this identity
will be applied to this set of users. Finally, you will need to create delegated
administrators to maintain the local access policies.
To do this, perform the following:
Action
Description
Step 1
For this example, we will set up three access rules
and put these rules into access policies as
appropriate:
and put these rules into access policies as
appropriate:
•
The social networking access rule restricts
access to social networking sites.
access to social networking sites.
•
The weapons and violence access rule restricts
access to weapons and violence sites.
access to weapons and violence sites.
•
The web-based e-mail access rule restricts
access to web-based e-mail.
access to web-based e-mail.
Step 2
The social networking access rule applies to all sites.
Place this rule into the global access policy when
possible.
Place this rule into the global access policy when
possible.
The weapons and violence rule applies to the North
American site. Place this rule into the NA access
policy. The web-based email access rule applies to
headquarters site in Europe. Place this rule into the
HQ access policy.
American site. Place this rule into the NA access
policy. The web-based email access rule applies to
headquarters site in Europe. Place this rule into the
HQ access policy.
Step 3
This step allows you to create an identity for the
people the policy applies to and the Web Security
appliance that they use.
people the policy applies to and the Web Security
appliance that they use.
Each of the sites is identified by the corresponding
Web Security appliance and the subnet where the
users are connected.
Web Security appliance and the subnet where the
users are connected.