Cisco Cisco Web Security Appliance S170 사용자 가이드
126
I R O N P O R T A S Y N C O S 6 . 5 F O R W E B U S E R G U I D E
WO R K I N G W I T H PO L I C I E S O V E R V I E W
The Web Security appliance allows you to define policies to enforce your organization’s
acceptable use policies by controlling access to the Internet. You can create groups of users
and apply different levels and types of access control to each group.
acceptable use policies by controlling access to the Internet. You can create groups of users
and apply different levels and types of access control to each group.
For example, you can configure the appliance to enforce the following types of policies:
• Users in the Marketing group can access a competitor’s website, but other users cannot.
• Guest users on customer-facing machines, such as computers in a company store, cannot
access banking sites, but employees can.
• No users can access gambling sites. Instead, when they try to view a gambling site, they
see a web page that explains the organization’s policies.
• All users trying to access a particular site that no longer exists are redirected to a different
site.
• All users except those in IT are blocked from accessing potential malware sites, but users
in IT can access them for testing purposes, and the downloaded content is scanned for
harmful objects.
harmful objects.
• All requests for streaming media are blocked during business hours, but allowed outside
of business hours.
• All requests from a particular user agent, such as a software update program, are allowed
without requiring authentication.
• Block uploads of all Excel spreadsheet files greater than 2 MB.
• Block uploads of data to sites with a bad web reputation.
To enforce organizational policies, you define different policies in the Web Security
appliance. The appliance uses different types of policies for different functions. For more
information about the types of policies, see “Policy Types” on page 127.
appliance. The appliance uses different types of policies for different functions. For more
information about the types of policies, see “Policy Types” on page 127.
When you work with policies, you create policy groups. After you create policy groups, you
can define the control settings for each group. For more information about working with
policy groups, see “Working with Policy Groups” on page 130.
can define the control settings for each group. For more information about working with
policy groups, see “Working with Policy Groups” on page 130.
After you have created policies, you can figure out which policy groups apply to a particular
client transaction for troubleshooting purposes. For example, you can find out if user jsmith
tries to open a Firefox browser to the URL http://www.google.com, then which policy groups
apply to the transaction. For more information about tracing policies, see “Tracing Policies”
on page 141.
client transaction for troubleshooting purposes. For example, you can find out if user jsmith
tries to open a Firefox browser to the URL http://www.google.com, then which policy groups
apply to the transaction. For more information about tracing policies, see “Tracing Policies”
on page 141.
Note — The Web Security appliance is permissive by default. That is, requests are allowed
unless specifically blocked in a policy group.
unless specifically blocked in a policy group.