Cisco Cisco Web Security Appliance S670 사용자 가이드
11-18
Cisco IronPort AsyncOS 7.7 for Web User Guide
Chapter 11 Processing HTTPS Traffic
Creating Decryption Policies
describes the advanced options you can configure for Decryption Policy groups.
Table 11-2
Decryption Policy Group Advanced Options
Advanced Option
Description
Proxy Ports
Choose whether or not to define policy group membership by the proxy port used
to access the Web Proxy. Enter one or more port numbers in the Proxy Ports field.
Separate multiple ports with commas.
to access the Web Proxy. Enter one or more port numbers in the Proxy Ports field.
Separate multiple ports with commas.
For explicit forward connections, this is the port configured in the browser. For
transparent connections, this is the same as the destination port. You might want to
define policy group membership on the proxy port if you have one set of clients
configured to explicitly forward requests on one port, and another set of clients
configured to explicitly forward requests on a different port.
transparent connections, this is the same as the destination port. You might want to
define policy group membership on the proxy port if you have one set of clients
configured to explicitly forward requests on one port, and another set of clients
configured to explicitly forward requests on a different port.
Cisco recommends only defining policy group membership by the proxy port when
the appliance is deployed in explicit forward mode, or when clients explicitly
forward requests to the appliance. When you define policy group membership by
the proxy port when clients requests get transparently redirected to the appliance,
some requests might be denied.
the appliance is deployed in explicit forward mode, or when clients explicitly
forward requests to the appliance. When you define policy group membership by
the proxy port when clients requests get transparently redirected to the appliance,
some requests might be denied.
Note: If the Identity associated with this policy group defines Identity membership
by this advanced setting, the setting is not configurable at the non-Identity policy
group level.
by this advanced setting, the setting is not configurable at the non-Identity policy
group level.
Subnets
Choose whether or not to define policy group membership by subnet or other
addresses.
addresses.
You can choose to use the addresses that may be defined with the associated
Identity, or you can enter specific addresses here.
Identity, or you can enter specific addresses here.
Note: If the Identity associated with this policy group defines its membership by
addresses, then in this policy group you must enter addresses that are a subset of
the Identity’s addresses. Adding addresses in the policy group further narrows
down the list of transactions that match this policy group.
addresses, then in this policy group you must enter addresses that are a subset of
the Identity’s addresses. Adding addresses in the policy group further narrows
down the list of transactions that match this policy group.
Time Range
Choose whether or not to define policy group membership by a defined time range.
Choose the time range from the Time Range field and then choose whether this
policy group should apply to the times inside or outside the selected time range.
Choose the time range from the Time Range field and then choose whether this
policy group should apply to the times inside or outside the selected time range.
For more information on creating time based policies, see
.
For more information on creating time ranges, see
.
URL Categories
Choose whether or not to define policy group membership by URL categories.
Select the user defined or predefined URL categories.
Select the user defined or predefined URL categories.
Note: If the Identity associated with this policy group defines Identity membership
by this advanced setting, the setting is not configurable at the non-Identity policy
group level.
by this advanced setting, the setting is not configurable at the non-Identity policy
group level.