Cisco Cisco Web Security Appliance S170 사용자 가이드
392
I R O N P O R T A S Y N C O S 6 . 3 F O R W E B U S E R G U I D E
Note — If the L4 Traffic Monitor is configured to block, the L4 Traffic Monitor and the
Web Proxy must be configured on the same network. Use the Network > Routes page to
confirm that all clients are accessible on routes that are configured for data traffic.
Web Proxy must be configured on the same network. Use the Network > Routes page to
confirm that all clients are accessible on routes that are configured for data traffic.
4. Submit and commit your changes.
Valid Formats
When you add addresses to the Allow List or Additional Suspected Malware Addresses
properties, separate multiple entries with whitespace or commas. You can enter addresses in
any of the following formats:
properties, separate multiple entries with whitespace or commas. You can enter addresses in
any of the following formats:
• IP address. For example, 10.1.1.0.
• CIDR address. For example, 10.1.1.0/24.
• Domain name. For example, example.com. Entering a domain name such as
example.com will also match www.example.com and hostname.example.com.
• Hostname. For example, crm.example.com.
Additional Suspected
Malware Addresses
(optional)
Malware Addresses
(optional)
Enter zero or more known addresses that the L4 Traffic Monitor
should consider as a possible malware. For a list of valid address
formats you can use, see “Valid Formats” on page 392.
If you choose to block suspected malware addresses, the L4 Traffic
Monitor will either block or monitor these addresses depending on
whether it determines them to be known malware addresses or
ambiguous addresses. For definitions of ambiguous and known
malware addresses, see “How the L4 Traffic Monitor Works” on
page 387.
If you choose to monitor suspected malware addresses, it will
monitor these addresses.
Note: Adding internal IP addresses to the Additional Suspected
Malware Addresses list causes legitimate destination URLs to show
up as malware in L4 Traffic Monitor reports. To avoid this type of
erroneous reporting, do not enter internal IP addresses in the
“Additional Suspected Malware Addresses” field on the Web Security
Manager > L4 Traffic Monitor Policies page.
should consider as a possible malware. For a list of valid address
formats you can use, see “Valid Formats” on page 392.
If you choose to block suspected malware addresses, the L4 Traffic
Monitor will either block or monitor these addresses depending on
whether it determines them to be known malware addresses or
ambiguous addresses. For definitions of ambiguous and known
malware addresses, see “How the L4 Traffic Monitor Works” on
page 387.
If you choose to monitor suspected malware addresses, it will
monitor these addresses.
Note: Adding internal IP addresses to the Additional Suspected
Malware Addresses list causes legitimate destination URLs to show
up as malware in L4 Traffic Monitor reports. To avoid this type of
erroneous reporting, do not enter internal IP addresses in the
“Additional Suspected Malware Addresses” field on the Web Security
Manager > L4 Traffic Monitor Policies page.
Table 17-1 L4 Traffic Monitor Policies
Property
Description