Cisco Cisco Web Security Appliance S170 사용자 가이드
126
I R O N P O R T A S Y N C O S 6 . 3 F O R W E B U S E R G U I D E
I D E N T I T I E S O V E R V I E W
To control web traffic on the network and protect your network from web based threats, the
Web Proxy needs to identify who is trying to access the web. Users can be identified by
different criteria, such as their machine address or authenticated user name. The Web Proxy
can apply different actions to transactions based on who is submitting the request.
Web Proxy needs to identify who is trying to access the web. Users can be identified by
different criteria, such as their machine address or authenticated user name. The Web Proxy
can apply different actions to transactions based on who is submitting the request.
To identify who is accessing the web, you create Identities in the Web Security appliance. An
Identity is a policy that identifies and groups users. An Identity addresses the question, “who
are you?”
Identity is a policy that identifies and groups users. An Identity addresses the question, “who
are you?”
Identities are the only policy where you define whether or not authentication is required to
access the web. However, Identities do not specify a list of users who are authorized (allowed)
to access the web. You specify authorized users in the other (non-Identity) policy types.
access the web. However, Identities do not specify a list of users who are authorized (allowed)
to access the web. You specify authorized users in the other (non-Identity) policy types.
All other policy types use an Identity as the basis to determine which policy group applies to
the transaction. That means you can create a single Identity and use it multiple times in the
non-Identity policy groups.
the transaction. That means you can create a single Identity and use it multiple times in the
non-Identity policy groups.
You might want to group the following types of users or machines:
• A group of machine addresses in a test lab. You can create a Routing Policy with this
Identity so requests from these machines are fetched directly from the destination server.
• All authenticated users based on the All Realms authentication sequence. You can create
a single Access Policy using this Identity, or you can create a different Access Policy for
each authentication realm and configure different control settings for users in each realm.
each authentication realm and configure different control settings for users in each realm.
• Users accessing the Web Security appliance on a particular proxy port. You can create a
Routing Policy using this Identity that fetches content from a particular external proxy for
requests that explicitly connect to the appliance on a particular proxy port.
requests that explicitly connect to the appliance on a particular proxy port.
• All subnets trying to access a website in a user defined URL category do not require
authentication. You can create an Access Policy using this Identity to exempt requests to
particular destinations from authentication. You might want to do this for Windows update
servers.
particular destinations from authentication. You might want to do this for Windows update
servers.
Define Identities on the Web Security Manager > Identities page. For more information about
creating Identities, see “Creating Identities” on page 138.
creating Identities, see “Creating Identities” on page 138.