Cisco Cisco Web Security Appliance S370 사용자 가이드
14-7
AsyncOS 8.8 for Cisco Web Security Appliances User Guide
Chapter 14 File Reputation Filtering and File Analysis
Configuring File Reputation and Analysis Features
•
If you will use a Cisco AMP Threat Grid Appliance as a private cloud file analysis server, see
.
Procedure
Step 1
Select Security Services > Anti-Malware and Reputation .
Step 2
Click Edit Global Settings.
Step 3
In the Advanced Malware Protection Services section, select Enable File Reputation Filtering.
Step 4
Accept the license agreement if presented.
Step 5
In the Advanced Malware Protection Services section, select Enable File Analysis.
Step 6
In the File Analysis section, select the file types to send to the cloud for analysis.
Step 7
Adjust the following Advanced Settings for File Reputation as needed:
Note
Do not change any other settings in this section without guidance from Cisco support.
Step 8
If you will use the cloud service for file analysis:
a.
Select Advanced Settings for File Analysis.
b.
Choose the cloud server that is physically nearest to your Web Security appliances.
Newly available servers will be added to this list periodically using standard update processes.
Step 9
If you will use an on-premises Cisco AMP Threat Grid appliance for file analysis:
Configure Advanced Settings for File Analysis:
Option
Description
Routing Table
The routing table (associated with an appliance network
interface type, either Management or Data) to be used for
Advanced Malware Protection services. If the appliance
has both the Management interface and one or more Data
interfaces enabled, you can select Management or Data.
interface type, either Management or Data) to be used for
Advanced Malware Protection services. If the appliance
has both the Management interface and one or more Data
interfaces enabled, you can select Management or Data.
SSL Communication for File Reputation
Check Use SSL (Port 443) to communicate on port 443
instead of the default port, 32137.
instead of the default port, 32137.
This option also allows you to configure an upstream proxy
for communication with the file reputation service.
for communication with the file reputation service.
Note
SSL communication over port 32137 may require
you to open that port in your firewall.
you to open that port in your firewall.
Reputation Threshold
•
Use value from Cloud Service
•
Enter custom value
The upper limit for acceptable file reputation scores.
Scores above this threshold indicate the file is infected.
Scores above this threshold indicate the file is infected.