Cisco Cisco Web Security Appliance S390 사용자 가이드

Supported anti-malware scanning services are not the same on both platforms; they will remain 
independent. The WSA provides an option to choose scanning services, and at least one must 
be enabled.

In Hybrid mode, the WSA does not support the following items; these will not be downloaded:

Any rule assigned the Authenticate or Warn action. (Warn was supported in an earlier version 
of Hybrid mode for URL categories; this is no longer the case.) 

Outbound filters. Any rule using a filter that contains any Keyword, Outbound File Type, 
Preconfigured ID, or Regular Expression. Inbound Extensions are also not supported.

Whitelisting sets of domains and URLS to bypass Sypware/Web Reputation scanning at the 
global level is not supported.

Anonymize. Any CWS rule that has the action set to Anonymize.

SearchAhead

WSA does not incorporate the concept of delegated administration. CWS will send the merged 
policy configuration.

The following WSA features are not available in Hybrid mode:

Time and Volume Quotas

External DLP

SaaS Polices

L4TM

Upstream Proxy support

ISE integration

Range Requests

Native FTP & SOCKS protocol support

SNMP

HTTPS rules assigned the Drop action 

For compatibility with Cloud Web Security policies, when operating in Web Hybrid mode at 
least one anti-malware scanning engine (McAfee, Sophos, or Webroot) must be licensed and 
available. Ensure the valid license(s) or feature key(s) are available in order to complete set-up in 
Web Hybrid mode.

Both CWS and WSA require a Certificate Authority-signed certificate to authenticate and secure 
communications between them. You must generate this certificate externally and upload the 
certificate and its key to both Cisco ScanCenter and the Cisco WSA. See