Cisco Web Security Appliance S170 User Guide
Cisco IronPort AsyncOS 7.5.7 for Web User Guide
Chapter 22 L4 Traffic Monitor
Configuring the L4 Traffic Monitor
Note
If the L4 Traffic Monitor is configured to block, the L4 Traffic Monitor and the Web Proxy must
be configured on the same network. Use the Network > Routes page to confirm that all clients
are accessible on routes that are configured for data traffic.
Step 4
Submit and commit your changes.
Valid Formats
When you add addresses to the Allow List or Additional Suspected Malware Addresses properties,
separate multiple entries with whitespace or commas. You can enter addresses in any of the following
formats:
Actions for Suspected Malware Addresses
Choose whether to monitor or block traffic destined for a known malware
address. For a definition of known malware address, see
.
• Monitor. Scans all traffic for domains and IP addresses that match entries in
the L4 Traffic Monitor database. The Monitor option does not block
suspicious traffic. This setting is useful for identifying infected clients
without affecting the user experience.
• Block. Scans all traffic for domains and IP addresses that match entries in the
appliance administrative lists and the block list database and then blocks any
traffic it finds. This setting is useful for identifying infected clients and
stopping malware attempts through non-standard ports.
When you choose to block suspected malware traffic, you can also choose
whether or not to always block ambiguous addresses. By default, ambiguous
addresses are monitored.
For a definition of ambiguous address, see
.
Additional Suspected Malware Addresses (optional)
Enter zero or more known addresses that the L4 Traffic Monitor should consider
as possible malware. For a list of valid address formats you can use, see
.
If you choose to block suspected malware addresses, the L4 Traffic Monitor will
either block or monitor these addresses depending on whether it determines them
to be known malware addresses or ambiguous addresses. For definitions of
ambiguous and known malware addresses, see
.
If you choose to monitor suspected malware addresses, it will monitor these
addresses.
Note
Adding internal IP addresses to the Additional Suspected Malware
Addresses list causes legitimate destination URLs to show up as malware
in L4 Traffic Monitor reports. To avoid this type of erroneous reporting,
do not enter internal IP addresses in the “Additional Suspected Malware
Addresses” field on the Web Security Manager > L4 Traffic Monitor
Policies page.
Table 22-1 L4 Traffic Monitor Policies (continued)
Property
Description
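The note above warns against entering internal IP addresses in the Additional Suspected Malware Addresses field. The following pre-check is an added example, not part of the Cisco guide or the appliance software: it splits a candidate list on whitespace or commas, as the guide describes, and reports the entries that fall in internal ranges. It assumes entries are IPv4 addresses, CIDR ranges, or hostnames, and that "internal" means RFC 1918, loopback, and link-local space; all function names are hypothetical.

```python
import ipaddress
import re

# Assumption: "internal" means RFC 1918, loopback and link-local IPv4 space.
# Extend this list with any other ranges your organization routes internally.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16",
)]


def split_entries(field_text):
    """Split the field value on whitespace or commas."""
    return [e for e in re.split(r"[\s,]+", field_text.strip()) if e]


def classify(entry):
    """Return 'internal', 'external' or 'hostname' for one entry.

    Assumption: anything that does not parse as an address or CIDR range
    is a hostname; hostnames are not resolved here.
    """
    try:
        net = ipaddress.ip_network(entry, strict=False)
    except ValueError:
        return "hostname"
    # overlaps() also catches a wide range that merely contains internal space.
    if any(net.overlaps(internal) for internal in INTERNAL_NETS):
        return "internal"
    return "external"


def precheck(field_text):
    """Return the entries to remove before pasting the list into the field."""
    return [e for e in split_entries(field_text) if classify(e) == "internal"]


# Constructed sample input (documentation ranges plus RFC 1918 addresses).
SAMPLE = "203.0.113.7, 10.1.2.0/24 192.168.5.9\nbad.example.test,198.51.100.0/24"

if __name__ == "__main__":
    for entry in split_entries(SAMPLE):
        print(f"{entry:20} {classify(entry)}")
    print("remove before submitting:", precheck(SAMPLE))
```

Hostnames that resolve to internal addresses are not detected by this check and need a separate review.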