Cisco Web Security Appliance S660 User Guide

AsyncOS 10.0 for Cisco Web Security Appliances User Guide
 
Chapter 21      Monitor System Activity Through Logs
  Traffic Monitor Log Files
We recommend a Custom Time Interval, with a Rollover every: time interval based on these guidelines: 
Step 7   For the Retrieval Method, select SCP on Remote Server and enter the CTA server information from your CWS account.
   a. In the SCP Host field, enter the SCP host provided in Cisco ScanCenter; for example, etr.cloudsec.sco.cisco.com.
   b. In the SCP Port field, enter 22.
   c. In the Directory field, enter /upload.
   d. In the Username field, enter the user name generated for your device in Cisco ScanCenter. The device user name is case sensitive and different for each proxy device.
   e. Check Enable Host Key Checking, and select Automatically Scan.
Step 8   Click Submit on the WSA.
   A public SSH key is generated by the WSA and displayed in the Management Console.
Step 9   Copy the public SSH key generated by the WSA to the Clipboard.
Step 10  Switch to the Cisco ScanCenter portal, select the appropriate device account and then paste the public SSH key into the CTA Device Provisioning page. (See the “Proxy Device Uploads” section of the Cisco ScanCenter Administrator Guide for additional information.)
   Successful authentication between your proxy device and CTA system will allow log files from your proxy device to be uploaded to the CTA system for analysis.
   Cisco’s ScanCenter is the administration portal to Cisco Cloud Web Security. See .
Step 11  Switch back to the WSA, and click Commit Changes.
Note     The WSA restarts when committing configuration changes, so connected users may be temporarily disconnected.
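Added example, not part of the Cisco guide: a workstation-side Python check that computes the SHA256 fingerprint of the public SSH key copied in Step 9 and confirms that the text pasted into ScanCenter in Step 10 carries the same key, catching a truncated or altered paste. It assumes the key is shown in the standard OpenSSH one-line format (type, base64 data, optional comment); the function names are illustrative and the sample key is constructed from dummy bytes.

```python
import base64
import hashlib
import struct


def parse_pubkey(line: str) -> tuple[str, bytes]:
    """Return (key_type, raw_blob) for an OpenSSH '<type> <base64> [comment]' line."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type = fields[0]
    try:
        blob = base64.b64decode(fields[1], validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("key data is not valid base64 (truncated paste?)") from exc
    # The blob begins with a length-prefixed copy of the key type.
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (name_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + name_len] != key_type.encode():
        raise ValueError("key type does not match the encoded blob")
    return key_type, blob


def fingerprint(line: str) -> str:
    """SHA256 fingerprint in the form printed by 'ssh-keygen -l'."""
    _, blob = parse_pubkey(line)
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def same_key(displayed: str, pasted: str) -> bool:
    """True if both lines carry the same key; comments and spacing are ignored."""
    return fingerprint(displayed) == fingerprint(pasted)


def constructed_key(comment: str = "wsa-example") -> str:
    # Constructed sample: an ed25519-shaped blob with dummy bytes, not a real key.
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + bytes(range(32))
    return f"ssh-ed25519 {base64.b64encode(blob).decode()} {comment}"


if __name__ == "__main__":
    shown = constructed_key()
    print(fingerprint(shown))
    print(same_key(shown, constructed_key("pasted-into-portal")))
```

Run it with the key text as displayed on the WSA and the text as it appears in the portal field; a ValueError or a False result means the pasted key should be copied again before committing.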
Traffic Monitor Log Files
Layer-4 Traffic Monitor log files provide a detailed record of Layer-4 monitoring activity. You can view 
Layer-4 Traffic Monitor log file entries to track updates to firewall block lists and firewall allow lists. 
Interpreting Traffic Monitor Logs
Use the examples below to interpret the various entry types contained in Traffic Monitor Logs.
Number of Users Behind Proxy    Recommended Rollover Period
Unknown or less than 2000       55 minutes
2000 to 4000                    30 minutes
4000 to 6000                    20 minutes
More than 6000                  10 minutes