Cisco Cisco Web Security Appliance S170 사용자 가이드
P O L I C Y T Y P E S
C H A P T E R 7 : W O R K I N G W I T H P O L I C I E S
127
PO L I C Y TY P E S
The Web Security appliance uses multiple types of policies to enforce organizational policies
and requirements.
and requirements.
• Identities. “Who are you?”
• Decryption Policies. “To decrypt or not to decrypt?”
• Routing Policies. “From where to fetch content?”
• Access Policies. “To allow or block the transaction?”
• IronPort Data Security Policies. “To block the upload of data?” IronPort Data Security
Policies actions are defined on the Web Security appliance.
• External DLP (data loss prevention) Policies. “To block the upload of data?” External DLP
Policies actions are defined on an external DLP appliance.
You use the policies together to create the behavior you need or expect when clients access
the web.
the web.
To define policies, you create policy groups. After you create policy groups, you can define
the control settings for each group. For more information about working with policy groups,
see “Working with Policy Groups” on page 130.
the control settings for each group. For more information about working with policy groups,
see “Working with Policy Groups” on page 130.
All policy types have a global policy group that maintains default settings and rules that apply
to web transactions not covered by another policy. For more information on global policies,
see “Working with Policy Groups” on page 130.
to web transactions not covered by another policy. For more information on global policies,
see “Working with Policy Groups” on page 130.
Identities
An Identity is a policy that identifies the user making a request. This is the only policy where
you can define whether or not authentication is required. An Identity addresses the question,
“who are you?” However, Identities do not specify a list of users who are authorized to access
the web. You specify authorized users in the other policy types after you specify the Identity to
use.
you can define whether or not authentication is required. An Identity addresses the question,
“who are you?” However, Identities do not specify a list of users who are authorized to access
the web. You specify authorized users in the other policy types after you specify the Identity to
use.
All other policies you create must specify an Identity.
Configure Identities on the Web Security Manager > Identities page. For more information
about Identities, see “Identities” on page 145.
about Identities, see “Identities” on page 145.
Decryption Policies
Decryption Policies determine whether or not an HTTPS connection should be decrypted,
passed through, or dropped. They address the question, “to decrypt or not to decrypt?”
passed through, or dropped. They address the question, “to decrypt or not to decrypt?”
The appliance uses Decryption Policies to evaluate HTTPS requests. The Decryption Policy
group that applies to an HTTPS request determines whether the appliance drops the
connection, passes it through without decryption, or decrypts the connection and
subsequently evaluate the decrypted request and response against the defined Access Policy
groups.
group that applies to an HTTPS request determines whether the appliance drops the
connection, passes it through without decryption, or decrypts the connection and
subsequently evaluate the decrypted request and response against the defined Access Policy
groups.