Cisco Cisco Web Security Appliance S690 사용자 가이드
14-9
AsyncOS 10.0 for Cisco Web Security Appliances User Guide
Chapter 14 File Reputation Filtering and File Analysis
Configuring File Reputation and Analysis Features
Step 6
Expand the Advanced Settings for File Reputation panel and adjust the following options as needed:
Option
Description
Cloud Domain
The name of the domain to be used for file reputation queries.
File Reputation Server
Choose either: the host name of the public reputation cloud
server, or Private reputation cloud.
server, or Private reputation cloud.
If you choose Private reputation cloud, provide
the following:
the following:
•
Server – The host name or IP address of the Cisco
AMP Virtual Private Cloud appliance.
AMP Virtual Private Cloud appliance.
•
Public Key – Provide a valid public key for encrypted
communications between this appliance and your
private cloud appliance. This must be the same key
used by the private cloud server: locate the key file on
this appliance, and then click Upload File.
communications between this appliance and your
private cloud appliance. This must be the same key
used by the private cloud server: locate the key file on
this appliance, and then click Upload File.
Note
You must have already downloaded the key file
from the server to this appliance,
from the server to this appliance,
Routing Table
The routing table (associated with an appliance network
interface type, either Management or Data) to be used for
Advanced Malware Protection services. If the appliance
has both the Management interface and one or more Data
interfaces enabled, you can select Management or Data.
interface type, either Management or Data) to be used for
Advanced Malware Protection services. If the appliance
has both the Management interface and one or more Data
interfaces enabled, you can select Management or Data.
SSL Communication for File Reputation
Check Use SSL (Port 443) to communicate on port 443
instead of the default port, 32137. Refer to the Cisco AMP
Virtual Private Cloud Appliance user guide for information
about enabling SSH access to the server.
instead of the default port, 32137. Refer to the Cisco AMP
Virtual Private Cloud Appliance user guide for information
about enabling SSH access to the server.
Note
SSL communication over port 32137 may require
you to open that port in your firewall.
you to open that port in your firewall.
This option also allows you to configure an upstream proxy
for communication with the file reputation service. If
checked, provide the appropriate Server, Username and
Passphrase information.
for communication with the file reputation service. If
checked, provide the appropriate Server, Username and
Passphrase information.
When Use SSL (Port 443) is selected, you can also check
Relax Certificate Validation to skip standard certificate
validation if the tunnel proxy server's certificate is not
signed by a trusted root authority. For instance, select this
option if using a self-signed certificate on a trusted internal
tunnel proxy server.
Relax Certificate Validation to skip standard certificate
validation if the tunnel proxy server's certificate is not
signed by a trusted root authority. For instance, select this
option if using a self-signed certificate on a trusted internal
tunnel proxy server.
Note
If you checked Use SSL (Port 443)in the SSL
Communication for File Reputation section of the
Advanced Settings for File Reputation, you must
add the AMP on-premises reputation server CA
certificate to the certificate store on this appliance,
using Network > Certificate Management in the
Web interface. Obtain this certificate from the
server (Configuration > SSL > Cloud server >
download).
Communication for File Reputation section of the
Advanced Settings for File Reputation, you must
add the AMP on-premises reputation server CA
certificate to the certificate store on this appliance,
using Network > Certificate Management in the
Web interface. Obtain this certificate from the
server (Configuration > SSL > Cloud server >
download).