Cisco Web Security Appliance S170 User Guide

Cisco IronPort AsyncOS 7.7 for Web User Guide
 
Chapter 2      Using the Web Security Appliance
Typically, the Web Proxy takes less than 30 seconds to restart due to a configuration change. (If the Web 
Proxy restarts due to an internal error, the entire restart process may take a few minutes to start all 
services on the appliance.)
To minimize the security risk from web traffic that goes unscanned, you can determine whether your 
configuration changes will trigger a Web Proxy restart before you commit them. You can then schedule 
the commit for a time when the Web Proxy processes fewer user transactions, 
such as overnight. How you check for this depends on the interface:
  • Web interface. When you click the Commit Changes button, the web interface displays a warning 
    on the Uncommitted Changes page that the Web Proxy will restart as a result of the commit.
  • CLI. Use the checkproxyrestart command before the commit command. If the configuration 
    changes require a Web Proxy restart, the CLI displays “The changes will trigger a proxy restart.”
In addition to a brief interruption of Web Proxy services, you may notice the following effects when the 
Web Proxy restarts: 
  • The authentication cache is cleared and users need to be authenticated again.
  • Tracking statistics are reset. This also affects SNMP because the values depend on tracking 
    statistics.
  • The Web Proxy DNS cache is cleared.
  • The HTTPS certificate cache is cleared.
  • Connections to authentication servers are renegotiated.
  • Any data in the Web Proxy cache that was not written to disk is lost.
  • Any logging data that is not written to a log file is lost.
Participating in The Cisco SensorBase Network
The Cisco SensorBase Network is a threat management database that tracks millions of domains around 
the world and maintains a global watch list for Internet traffic. SensorBase provides Cisco with an 
assessment of reliability for known Internet domains. The Web Security appliance uses the SensorBase 
data feeds to improve the accuracy of Web Reputation Scores.
Standard SensorBase Network Participation is enabled by default during system setup. You can edit the 
participation level and other settings on the Security Services > SensorBase page after system setup.
Step 1  Navigate to the Security Services > SensorBase page.
Step 2  Verify that SensorBase Network Participation is enabled. 
        When it is disabled, none of the data that the appliance collects is sent back to the SensorBase Network 
        servers.
Step 3  In the Participation Level section, choose one of the following levels:
          • Limited. Basic participation summarizes server name information and sends MD5-hashed path 
            segments to the SensorBase Network servers.
          • Standard. Enhanced participation sends the entire URL with unobfuscated path segments to the 
            SensorBase Network servers. This option assists in providing a more robust database, and 
            continually improves the integrity of Web Reputation Scores.
Step 4  In the AnyConnect Network Participation field, choose whether or not to include information collected 
        from clients that connect to the Web Security appliance using Cisco AnyConnect Client.
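
The difference between the two participation levels in Step 3 can be seen by modelling what each one exposes for a single request. The Python sketch below is an added example, not Cisco code: it assumes Limited applies unsalted MD5 to each path segment separately (the guide does not specify the exact encoding), and the URL, wordlist and function names are constructed for illustration.

```python
import hashlib
from urllib.parse import urlsplit


def path_segments(url):
    """Return the non-empty path segments of a URL."""
    return [s for s in urlsplit(url).path.split("/") if s]


def limited_view(url):
    """Assumed model of the Limited level: every path segment is
    replaced by its unsalted MD5 hex digest."""
    return [hashlib.md5(s.encode("utf-8")).hexdigest() for s in path_segments(url)]


def standard_view(url):
    """Standard level: the entire URL, path segments unobfuscated."""
    return url


def guessable(hashed_segments, wordlist):
    """For each hashed segment, return the wordlist entry with the same
    digest, or None when the segment is not in the wordlist."""
    table = {hashlib.md5(w.encode("utf-8")).hexdigest(): w for w in wordlist}
    return [table.get(h) for h in hashed_segments]


# Constructed sample data (not taken from the guide).
SAMPLE_URL = "https://intranet.example.com/admin/reports/q3-7f3a9c1e-payroll.xlsx"
COMMON_NAMES = ["admin", "login", "reports", "images", "api"]

if __name__ == "__main__":
    hashed = limited_view(SAMPLE_URL)
    print("Standard sends:", standard_view(SAMPLE_URL))
    for digest, guess in zip(hashed, guessable(hashed, COMMON_NAMES)):
        print("Limited sends: ", digest, "->", guess or "(not in wordlist)")
```

Under this assumption, predictable segments such as directory names can be matched from a wordlist, while a segment containing a random identifier cannot.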