Cisco Cisco Web Security Appliance S170 사용자 가이드
A-18
AsyncOS 9.1.1 for Cisco Web Security Appliances User Guide
Appendix A Troubleshooting
Policy Problems
Step 4
Click Find Policy Match.
The Policy Trace output is displayed in the Results pane.
Note
For a Pass Through HTTPS transaction, the Policy Trace tool bypasses further scanning and no Access
policy is associated with the transaction. Similarly, for a Decrypt HTTPS transaction, the tool cannot
actually decrypt the transaction to determine the applied Access policy. In both cases, as well as for Drop
transactions, the trace results display: “Access policy: Not Applicable.”
policy is associated with the transaction. Similarly, for a Decrypt HTTPS transaction, the tool cannot
actually decrypt the transaction to determine the applied Access policy. In both cases, as well as for Drop
transactions, the trace results display: “Access policy: Not Applicable.”
Related Topics
•
•
Advanced: Request Details
You can use the settings in the Request Details pane of the Policy Trace page, Advanced section, to tune
the outbound malware scan request for this policy trace.
the outbound malware scan request for this policy trace.
Step 1
Expand the Advanced section on the Policy Trace page.
Step 2
Complete the fields in the Request Details pane as required:
To emulate...
Enter...
The client source IP used to make the request.
An IP address in the Client IP Address field.
Note
If an IP address is not specified, AsyncOS
uses localhost. Also, SGTs (security group
tags) cannot be fetched and policies based on
SGTs will not be matched.
uses localhost. Also, SGTs (security group
tags) cannot be fetched and policies based on
SGTs will not be matched.
The authentication/identification credentials
used to make the request.
used to make the request.
A user name in the User Name field, and then choose
Identity Services Engine or an authentication realm
from the Authentication/Identification drop-down list.
Identity Services Engine or an authentication realm
from the Authentication/Identification drop-down list.
Note
Only enabled option(s) are available. That is,
authentication options and the ISE option are
available only if they are both enabled.
authentication options and the ISE option are
available only if they are both enabled.
For authentication of the user you enter here, the user
must have already successfully authenticated through
the Web Security appliance.
must have already successfully authenticated through
the Web Security appliance.
Setting
Description
Proxy Port
Select a specific proxy port to use for the trace request to test policy
membership based on proxy port.
membership based on proxy port.
User Agent
Specify the User Agent to simulate in the request.
Time of Request
Specify the Date and Time of day to simulate in the request.