Cisco Cisco Web Security Appliance S170 사용자 가이드
8-4
Cisco IronPort AsyncOS 7.5.7 for Web User Guide
Chapter 8 Working with Policies
Working with Policy Groups
External DLP Policies
External DLP (data loss prevention) policies determine whether or not to block a request to upload data
using logic stored on an external DLP server. They address the question, “to block the upload of data?”
using logic stored on an external DLP server. They address the question, “to block the upload of data?”
The Web Proxy uses External DLP Policies to evaluate HTTP requests and decrypted HTTPS requests
that have any data in the request body and send them to an external DLP server for scanning.
that have any data in the request body and send them to an external DLP server for scanning.
Configure External DLP Policy groups on the Web Security Manager > External Data Loss Prevention
page. For more information about External DLP Policy groups, see
page. For more information about External DLP Policy groups, see
Outbound Malware Scanning Policies
Outbound Malware Scanning Policies determine whether or not to block a request to upload data that
contains malicious data. They address the question, “To block the upload of malicious data?”
contains malicious data. They address the question, “To block the upload of malicious data?”
The Web Proxy uses Outbound Malware Scanning Policies to scan for malware HTTP requests and
decrypted HTTPS requests that have any data in the request body.
decrypted HTTPS requests that have any data in the request body.
Configure Outbound Malware Scanning Policy groups on the Web Security Manager > Outbound
Malware Scanning page. For more information about Outbound Malware Scanning Policy groups, see
Malware Scanning page. For more information about Outbound Malware Scanning Policy groups, see
.
SaaS Application Authentication Policies
SaaS Application Authentication Policies determine whether or not a user is allowed access to a
Software as a Service (SaaS) application. They address the question, “to allow this user access to a SaaS
application?”
Software as a Service (SaaS) application. They address the question, “to allow this user access to a SaaS
application?”
SaaS Application Authentication Policies determine how the appliance controls user access to
configured SaaS applications, such as WebEx. When you enable Cisco SaaS Access Control, users log
into the configured SaaS applications using their network authentication user credentials. That means
they use the same user name and password for all SaaS applications as well as network access.
configured SaaS applications, such as WebEx. When you enable Cisco SaaS Access Control, users log
into the configured SaaS applications using their network authentication user credentials. That means
they use the same user name and password for all SaaS applications as well as network access.
Configure SaaS Application Authentication Policy groups on the Web Security Manager > SaaS Policies
page. For more information about SaaS Application Authentication Policy groups, see
page. For more information about SaaS Application Authentication Policy groups, see
.
Working with Policy Groups
A policy group is an administrator defined configuration that allows you to apply acceptable use policies
to specific categories of users. After you create policy groups, you can define the control settings for
each group.
to specific categories of users. After you create policy groups, you can define the control settings for
each group.
You can create as many user defined policy groups as required to enforce the proper access control. The
Web Security appliance displays policy groups together in a policies table.
Web Security appliance displays policy groups together in a policies table.
All policies have a default, global policy group that applies to a transaction if none of the user defined
policy groups apply. A global policy group maintains default settings and rules that apply to web
transactions not covered by another policy. This group appears in the last row of a policies table, and the
Web Proxy applies its rules last if no other matching occurs.
policy groups apply. A global policy group maintains default settings and rules that apply to web
transactions not covered by another policy. This group appears in the last row of a policies table, and the
Web Proxy applies its rules last if no other matching occurs.