Cisco Cisco Content Security Management Appliance M160 사용자 가이드
Appendix D Examples
D-34
Cisco IronPort AsyncOS 7.2.0 for Security Management User Guide
OL-21768-01
Finally, we need to deal with the HQ branch policy. The Web Security appliance
in the HQ branch is running AsyncOS 5.7. The NA access policy must enforce two
rules:
in the HQ branch is running AsyncOS 5.7. The NA access policy must enforce two
rules:
•
The local rule forbidding access to web-base e-mail sites.
•
The rule forbidding access to social networking sites.
Because the Social Networking category is not included to 5.7, we need to create
the Social Networking custom URL category to ensure that social networking is
forbidden.
the Social Networking custom URL category to ensure that social networking is
forbidden.
Step 10
On the Security Management appliance, choose Web > Configuration Master
5.7> Access Policies.
5.7> Access Policies.
Step 11
Click Add Policy.
Step 12
On the Access Policies: Add Policy page do the following:
•
In the Policy Setting section check the Enable Policy checkbox.
•
Type HQpolicy in the Policy Name text field
•
In the Policy Member Definition section, select HQ Identity from the
drop-down list.
drop-down list.
Step 13
Click Submit.
After you click Submit, you are returned to the Access Policies Page.
Step 14
On the Access Policies page, in the HQ access policy row, click the global policy
link in the URL Categories column.
link in the URL Categories column.
Step 15
Make sure that the Social Networking custom URL category is blocked.
Additionally, make sure that the Web-based Email category is blocked.
Additionally, make sure that the Web-based Email category is blocked.
At this point you have now completed substituting the new social networking
policy for the default social networking policy at the headquarters Web Security
appliances.
policy for the default social networking policy at the headquarters Web Security
appliances.