Cisco Cisco Web Security Appliance S390 ユーザーガイド
9-3
AsyncOS 8.5 for Cisco Web Security Appliances User Guide
Chapter 9 Create Policies to Control Internet Requests
Policies
Policy Types
Policy Type
Request Type
Description
Link to task
Access
•
HTTP
•
Decrypted HTTPS
•
FTP
Block, allow or redirect inbound HTTP,
FTP, and decrypted HTTPS traffic.
FTP, and decrypted HTTPS traffic.
Access policies also manage inbound
encrypted HTTPS traffic if the HTTPS
proxy is disabled.
encrypted HTTPS traffic if the HTTPS
proxy is disabled.
SOCKS
•
SOCKS
Allow or block SOCKS communication
requests.
requests.
Application
Authentication
Authentication
•
application
Allow or deny access to a Software as a
Service (SaaS) application.
Service (SaaS) application.
Use single sign-on to authenticate users and
increase security by allowing access to
applications to be quickly disabled.
increase security by allowing access to
applications to be quickly disabled.
To use the single sign-on feature of policies
you must configure the Web Security
appliance as an identity provider and upload
or generate a certificate and key for SaaS.
you must configure the Web Security
appliance as an identity provider and upload
or generate a certificate and key for SaaS.
Encrypted
HTTPS
Management
HTTPS
Management
•
HTTPS
Decrypt, pass through, or drop HTTPS
connections.
connections.
AsyncOS passes decrypted traffic to Access
policies for further processing.
policies for further processing.
Data Security
•
HTTP
•
Decrypted HTTPS
•
FTP
Manage data uploads to the web. Data
Security policies scan outbound traffic to
ensure it complies to company rules for data
uploads, based on its destination and
content. Unlike External DLP policies,
which redirect outbound traffic to external
servers for scanning, Data Security policies
use the Web Security appliance to scan and
evaluate traffic.
Security policies scan outbound traffic to
ensure it complies to company rules for data
uploads, based on its destination and
content. Unlike External DLP policies,
which redirect outbound traffic to external
servers for scanning, Data Security policies
use the Web Security appliance to scan and
evaluate traffic.
External DLP
(Data Loss
Prevention)
(Data Loss
Prevention)
•
HTTP
•
Decrypted HTTPS
•
FTP
Send outbound traffic to servers running
3rd-party DLP systems, which scan it for
adherence to company rules for data
uploads. Unlike Data Security policies,
which also manage data uploads, External
DLP policies move scanning work away
from the Web Security appliance, which
frees resources on the appliance and
leverages any additional functionality
offered by 3rd-party software.
3rd-party DLP systems, which scan it for
adherence to company rules for data
uploads. Unlike Data Security policies,
which also manage data uploads, External
DLP policies move scanning work away
from the Web Security appliance, which
frees resources on the appliance and
leverages any additional functionality
offered by 3rd-party software.