Cisco Cisco Web Security Appliance S170 Guia Do Utilizador
11-3
AsyncOS 8.5 for Cisco Web Security Appliances User Guide
Chapter 11 Scan Outbound Traffic for Existing Infections
Creating Outbound Malware Scanning Policies
Creating Outbound Malware Scanning Policies
You can create Outbound Malware Scanning Policy groups based on combinations of several criteria,
such as one or more Identities or the URL category of the destination site. You must define at least one
criterion for policy group membership. When you define multiple criteria, the upload request must meet
all criteria to match the policy group. However, the upload request needs to match only one of the
configured Identities.
such as one or more Identities or the URL category of the destination site. You must define at least one
criterion for policy group membership. When you define multiple criteria, the upload request must meet
all criteria to match the policy group. However, the upload request needs to match only one of the
configured Identities.
Step 1
Choose Web Security Manager > Outbound Malware Scanning.
Step 2
Click Add Policy.
Step 3
Enter a name and an optional description for the policy group.
Note
Each policy group name must be unique and only contain alphanumeric characters or the space
character.
character.
Step 4
In the Insert Above Policy field, select where in the policies table to place the policy group.
When configuring multiple policy groups, you must specify a logical order for each group.
Step 5
In the Identities and Users section, select one or more Identity groups to apply to this policy group.
Step 6
(Optional) Expand the Advanced section to define additional membership requirements.
Step 7
To define policy group membership by any of the advanced options, click the link for the advanced
option and configure the option on the page that appears.
option and configure the option on the page that appears.
Advanced Option
Description
Protocols
Choose whether or not to define policy group membership by the protocol used in
the client request. Select the protocols to include.
the client request. Select the protocols to include.
“All others” means any protocol not listed above this option.
Note
When the HTTPS Proxy is enabled, only Decryption Policies apply to
HTTPS transactions. You cannot define policy membership by the HTTPS
protocol for Access, Routing, Outbound Malware Scanning, Data Security,
or External DLP Policies.
HTTPS transactions. You cannot define policy membership by the HTTPS
protocol for Access, Routing, Outbound Malware Scanning, Data Security,
or External DLP Policies.
Proxy Ports
Choose whether or not to define policy group membership by the proxy port used
to access the Web Proxy. Enter one or more port numbers in the Proxy Ports field.
Separate multiple ports with commas.
to access the Web Proxy. Enter one or more port numbers in the Proxy Ports field.
Separate multiple ports with commas.
For explicit forward connections, this is the port configured in the browser. For
transparent connections, this is the same as the destination port.
transparent connections, this is the same as the destination port.
If you define policy group membership by the proxy port when client requests are
transparently redirected to the appliance, some requests might be denied.
transparently redirected to the appliance, some requests might be denied.
Note
If the Identity associated with this policy group defines Identity
membership by this advanced setting, the setting is not configurable at the
non-Identity policy group level.
membership by this advanced setting, the setting is not configurable at the
non-Identity policy group level.