Cisco Cisco Content Security Management Appliance M1070 Guida Utente
9-9
AsyncOS 9.6 for Cisco Content Security Management Appliances User Guide
Chapter 9 Managing Web Security Appliances
Setting Up Configuration Masters to Centrally Manage Web Security Appliances
Except for the few items described in
, instructions for configuring features in a Configuration Master are the
same as instructions for configuring the same features on the Web Security appliance. For instructions,
see the online help in your Web Security appliance or the AsyncOS for Cisco Web Security Appliances
User Guide for the AsyncOS version corresponding to the Configuration Master version. If necessary,
consult the following topic to determine the correct Configuration Master for your Web Security
appliance:
see the online help in your Web Security appliance or the AsyncOS for Cisco Web Security Appliances
User Guide for the AsyncOS version corresponding to the Configuration Master version. If necessary,
consult the following topic to determine the correct Configuration Master for your Web Security
appliance:
All versions of Web Security user guides are available from
.
SMA-Specific Differences when Configuring Features in Configuration Masters
When you configure a feature in a Configuration Master, note the following differences from configuring
the same feature directly on the Web Security appliance.
the same feature directly on the Web Security appliance.
Table 9-1
Feature Configuration: Differences between Configuration Master and Web Security Appliance
Feature or Page
Details
All features, especially new
features in each release
features in each release
For each feature that you configure in a Configuration Master, you must enable the
feature in the Security Management appliance under Web > Utilities > Security Services
Display. For more information, see
feature in the Security Management appliance under Web > Utilities > Security Services
Display. For more information, see
.
Identities/Identification Profiles
•
See
.
•
If you have authentication realms on different Web Security appliances that have
the same name but different protocols, choose the appropriate scheme for each
desired realm in the Configuration Master.
the same name but different protocols, choose the appropriate scheme for each
desired realm in the Configuration Master.
•
The Identify Users Transparently option when adding or editing an
Identity/Identification Profile is available when a Web Security appliance with an
authentication realm that supports transparent user identification has been added as
a managed appliance.
Identity/Identification Profile is available when a Web Security appliance with an
authentication realm that supports transparent user identification has been added as
a managed appliance.
Policies that use a Cisco Identity
Services Engine (ISE) to identify
users
Services Engine (ISE) to identify
users
Secure Group Tag (SGT) information is updated from the Web Security appliances
approximately every five minutes. The management appliance does not communicate
directly with the ISE server.
approximately every five minutes. The management appliance does not communicate
directly with the ISE server.
To update the list of SGTs on demand, select Web > Utilities > Web Appliance Status,
click a Web Security appliance that is connected to the ISE server, then click Refresh
Data. Repeat as needed for other appliances.
click a Web Security appliance that is connected to the ISE server, then click Refresh
Data. Repeat as needed for other appliances.
Multiple ISE servers with different data are not supported.
Access Policies > Edit Group
When you configure the Identities /Identification Profiles and Users option in the Policy
Member Definition section, the following applies if you use external directory servers:
Member Definition section, the following applies if you use external directory servers:
When you search for groups on the Edit Group page, only the first 500 matching results
are displayed. If you do not see the desired group, you can add it to the “Authorized
Groups” list by entering it in the Directory search field and clicking the "Add" button.
are displayed. If you do not see the desired group, you can add it to the “Authorized
Groups” list by entering it in the Directory search field and clicking the "Add" button.