Cisco Cisco Web Security Appliance S170 사용자 가이드
21-5
Cisco IronPort AsyncOS 7.7.5 for Web User Guide
Chapter 21 L4 Traffic Monitor
Viewing L4 Traffic Monitor Activity
Note
If the L4 Traffic Monitor is configured to block, the L4 Traffic Monitor and the Web Proxy must
be configured on the same network. Use the Network > Routes page to confirm that all clients
are accessible on routes that are configured for data traffic.
be configured on the same network. Use the Network > Routes page to confirm that all clients
are accessible on routes that are configured for data traffic.
Step 4
Submit and commit your changes.
Valid Formats
When you add addresses to the Allow List or Additional Suspected Malware Addresses properties,
separate multiple entries with whitespace or commas. You can enter addresses in any of the following
formats:
separate multiple entries with whitespace or commas. You can enter addresses in any of the following
formats:
•
IP address. For example, 10.1.1.0.
•
CIDR address. For example, 10.1.1.0/24.
•
Domain name. For example, example.com. Entering a domain name such as example.com will also
match www.example.com and hostname.example.com.
match www.example.com and hostname.example.com.
•
Hostname. For example, crm.example.com.
Viewing L4 Traffic Monitor Activity
The S-Series appliance supports several options for generating feature specific reports and interactive
displays of summary statistics.
displays of summary statistics.
Additional
Suspected Malware
Addresses
(optional)
Suspected Malware
Addresses
(optional)
Enter zero or more known addresses that the L4 Traffic Monitor should consider
as a possible malware. For a list of valid address formats you can use, see
as a possible malware. For a list of valid address formats you can use, see
.
If you choose to block suspected malware addresses, the L4 Traffic Monitor will
either block or monitor these addresses depending on whether it determines them
to be known malware addresses or ambiguous addresses. For definitions of
ambiguous and known malware addresses, see
either block or monitor these addresses depending on whether it determines them
to be known malware addresses or ambiguous addresses. For definitions of
ambiguous and known malware addresses, see
.
If you choose to monitor suspected malware addresses, it will monitor these
addresses.
addresses.
Note
Adding internal IP addresses to the Additional Suspected Malware
Addresses list causes legitimate destination URLs to show up as malware
in L4 Traffic Monitor reports. To avoid this type of erroneous reporting,
do not enter internal IP addresses in the “Additional Suspected Malware
Addresses” field on the Web Security Manager > L4 Traffic Monitor
Policies page.
Addresses list causes legitimate destination URLs to show up as malware
in L4 Traffic Monitor reports. To avoid this type of erroneous reporting,
do not enter internal IP addresses in the “Additional Suspected Malware
Addresses” field on the Web Security Manager > L4 Traffic Monitor
Policies page.
Table 21-1
L4 Traffic Monitor Policies (continued)
Property
Description