Cisco Cisco Web Security Appliance S170 사용자 가이드
2-10
Cisco IronPort AsyncOS 7.7.5 for Web User Guide
Chapter 2 Using the Web Security Appliance
Committing and Clearing Changes
Committing and Clearing Changes in the CLI
Commit changes using the
commit
command. Most configuration changes you make in the Command
Line Interface (CLI) are not effective until you issue the
commit
command. You may include comments
up to 255 characters. Changes are not verified as committed until you receive confirmation along with a
timestamp. The
timestamp. The
commit
command applies configuration changes made to appliance since the last
commit
or
clear
command issued.
For more information about using the
commit
command, see
.
Clear changes using the
clear
command. For more information about using the
clear
command, see
.
Checking for Web Proxy Restart on Commit
Some configuration changes you make to the Web Security appliance trigger a Web Proxy restart when
you commit the changes. When the Web Proxy restarts, the Web Security appliance allows web traffic
to continue but there is a brief interruption of Web Proxy services, such as anti-malware scanning.
Typically, the Web Proxy uses less than 30 seconds to restart due to a configuration change. (If the Web
Proxy restarts due to an internal error, the entire restart process may take a few minutes to start all
services on the appliance.)
you commit the changes. When the Web Proxy restarts, the Web Security appliance allows web traffic
to continue but there is a brief interruption of Web Proxy services, such as anti-malware scanning.
Typically, the Web Proxy uses less than 30 seconds to restart due to a configuration change. (If the Web
Proxy restarts due to an internal error, the entire restart process may take a few minutes to start all
services on the appliance.)
To minimize the security risk from web traffic that goes unscanned, you can determine if your
configuration changes will trigger a Web Proxy restart before you commit them. You can then schedule
to commit your configuration changes for a time when the Web Proxy processes fewer user transactions,
such as overnight. How you check for this depends on the interface:
configuration changes will trigger a Web Proxy restart before you commit them. You can then schedule
to commit your configuration changes for a time when the Web Proxy processes fewer user transactions,
such as overnight. How you check for this depends on the interface:
•
Web interface. When you click the Commit Changes button, the web interface displays a warning
on the Uncommitted Changes page that the Web Proxy will restart as a result of the commit.
on the Uncommitted Changes page that the Web Proxy will restart as a result of the commit.
•
CLI. Use the
checkproxyrestart
command before the
commit
command. If the configuration
changes require a Web Proxy restart, the CLI displays “The changes will trigger a proxy restart.”
In addition to a brief interruption of Web Proxy services, you may notice the following effects when the
Web Proxy restarts:
Web Proxy restarts:
•
The authentication cache is cleared and users need to be authenticated again.
•
Tracking statistics are reset. This also affects SNMP because the values depend on tracking
statistics.
statistics.
•
The Web Proxy DNS cache is cleared.
•
The HTTPS certificate cache is cleared.
•
Connections to authentication servers are renegotiated.
•
Any data in the Web Proxy cache that was not written to disk is lost.
•
Any logging data that is not written to a log file is lost.