Cisco Cisco Web Security Appliance S170 사용자 가이드
7-13
Cisco IronPort AsyncOS 7.7 for Web User Guide
Chapter 7 Policies
Tracing Policies
For more information about creating Identities, see
Step 2
Place the Identity policy group above all other Identity policy groups that require authentication.
Step 3
Submit and commit your changes.
Tracing Policies
The Web Security appliance web interface includes a tool that traces a particular client request and
details how the Web Proxy processes the request. The Web Proxy evaluates the request against all
committed Access, Decryption, Cisco IronPort Data Security, Outbound Malware Scanning, and
Routing Policies and calculates other attributes, such as the web reputation score.
details how the Web Proxy processes the request. The Web Proxy evaluates the request against all
committed Access, Decryption, Cisco IronPort Data Security, Outbound Malware Scanning, and
Routing Policies and calculates other attributes, such as the web reputation score.
The policy trace tool allows administrators to troubleshoot when end users ask questions about Web
Proxy behavior. It simulates client requests as if they were made by the end users and describes Web
Proxy behavior. It can be a powerful troubleshooting or debugging tool, especially if you have combined
many of the advanced features available on the Web Security appliance.
Proxy behavior. It simulates client requests as if they were made by the end users and describes Web
Proxy behavior. It can be a powerful troubleshooting or debugging tool, especially if you have combined
many of the advanced features available on the Web Security appliance.
When you use the policy trace tool, the Web Proxy does not record the requests in the access log or
reporting database.
reporting database.
By default, the Web Proxy simulates an HTTP GET request. However, when you specify a file to upload
in the Request Details section, the Web Proxy simulates an HTTP POST request.
in the Request Details section, the Web Proxy simulates an HTTP POST request.
Note
The policy trace tool explicitly makes requests even if the Web Security appliance is deployed in
transparent mode.
transparent mode.
You can trace policies on the System Administration > Policy Trace page.
Step 1
Navigate to the System Administration > Policy Trace page.
Step 2
In the URL field, enter the URL in the client request to simulate.
Step 3
Optionally, in the Client IP Address field, enter the IP address of the machine to simulate.
Note
If no IP address is specified, AsyncOS uses localhost.
Step 4
Optionally, you can simulate an authentication user by entering the following authentication
requirements in the User area:
requirements in the User area:
•
User Name. Enter the user name of the authentication user.
•
Authentication Realm. Choose an authentication realm.
Note
For authentication to work for the user you enter here, the user must have already successfully
authenticated through the Web Security appliance.
authenticated through the Web Security appliance.
Step 5
Optionally, by expanding the Advanced section, you can configure additional settings to simulate a more
specific user request that you want to trace.
specific user request that you want to trace.
The Advanced settings are divided into details of the transaction request to simulate and transaction
response details to override.
response details to override.