Cisco Cisco Web Security Appliance S170 사용자 가이드
C H A P T E R
8-1
Cisco IronPort AsyncOS 7.5.7 for Web User Guide
8
Working with Policies
This chapter contains the following information:
•
•
•
•
•
•
•
Working with Policies Overview
The Web Security appliance includes an advanced policy framework to intelligently map data policies
to business processes for protection on the network and at the endpoint. It allows you to define policies
to enforce your organization’s acceptable use policies by controlling access to the Internet. You can
create groups of users and apply different levels and types of access control to each group.
to business processes for protection on the network and at the endpoint. It allows you to define policies
to enforce your organization’s acceptable use policies by controlling access to the Internet. You can
create groups of users and apply different levels and types of access control to each group.
For example, you can configure the appliance to enforce the following types of policies:
•
Users in the Marketing group can access a competitor’s website, but other users cannot.
•
Guest users on customer-facing machines, such as computers in a company store, cannot access
banking sites, but employees can.
banking sites, but employees can.
•
No users can access gambling sites. Instead, when they try to view a gambling site, they see a web
page that explains the organization’s policies.
page that explains the organization’s policies.
•
All users trying to access a particular site that no longer exists are redirected to a different site.
•
All users except those in IT are blocked from accessing potential malware sites, but users in IT can
access them for testing purposes, and the downloaded content is scanned for harmful objects.
access them for testing purposes, and the downloaded content is scanned for harmful objects.
•
All requests for streaming media are blocked during business hours, but allowed outside of business
hours.
hours.
•
All requests from a particular user agent, such as a software update program, are allowed without
requiring authentication.
requiring authentication.
•
Block uploads of all Excel spreadsheet files greater than 2 MB.
•
Block uploads of data to sites with a bad web reputation.