Руководство Пользователя для Cisco Cisco Content Security Management Appliance M160
9-2
AsyncOS 8.1 for Cisco Content Security Management User Guide
Chapter 9 Managing Web Security Appliances
Exception: L4 Traffic Monitor (L4TM) settings are not included in Configuration Masters.
The exact features supported depend on the configuration master version, which corresponds to an
AsyncOS for Web Security version.
AsyncOS for Web Security version.
Some features that are configurable in a Configuration Master also require configurations directly
on the Web Security appliance in order to work. For example, SOCKS Policies are configurable via
Configuration Master, but a SOCKS Proxy must first be configured directly on the Web Security
appliance.
on the Web Security appliance in order to work. For example, SOCKS Policies are configurable via
Configuration Master, but a SOCKS Proxy must first be configured directly on the Web Security
appliance.
•
Use a Configuration File (Advanced File Publishing) for:
Features related to managing the appliance, for example configuring log subscriptions or alerts, or
distributing administrative responsibilities.
distributing administrative responsibilities.
Exceptions:
You cannot use a Security Management appliance to enable or configure the following features and
functionality on Web Security appliances: FIPS mode for Federal Information Processing Standard,
Network/interface settings, DNS, Web Cache Communication Protocol (WCCP), upstream proxy
groups, certificates, the proxy mode, time settings such as NTP, L4 Traffic Monitor (L4TM) settings,
and authentication redirect hostname.
functionality on Web Security appliances: FIPS mode for Federal Information Processing Standard,
Network/interface settings, DNS, Web Cache Communication Protocol (WCCP), upstream proxy
groups, certificates, the proxy mode, time settings such as NTP, L4 Traffic Monitor (L4TM) settings,
and authentication redirect hostname.
You must configure these settings directly on your managed Web Security appliances. See the
Cisco IronPort AsyncOS for Web Security User Guide.
Cisco IronPort AsyncOS for Web Security User Guide.
Setting Up Configuration Masters
To set up for centralized configuration management using Configuration Masters, follow the procedures
in
in
To prepare to use Advanced File Publishing only, see
instead.
Overview of Setting Up Configuration Masters
To set up your system to centrally manage your Web Security appliances, follow these steps in order:
Step 1
(Optional) Web Security appliance. If you have a working Web Security appliance that can serve as a
configuration model for all of your Web Security appliances, download a configuration file from that
Web Security appliance. You can use this file to speed configuration of a Configuration Master in the
Security Management appliance. For instructions, see “Saving and Loading the Appliance
Configuration” in the Cisco IronPort AsyncOS for Web Security User Guide.
configuration model for all of your Web Security appliances, download a configuration file from that
Web Security appliance. You can use this file to speed configuration of a Configuration Master in the
Security Management appliance. For instructions, see “Saving and Loading the Appliance
Configuration” in the Cisco IronPort AsyncOS for Web Security User Guide.
For compatibility of configuration files and Configuration Master versions, see the Release Notes for
this release at
this release at
Step 2
Check for general configuration requirements and caveats. See
.
Step 3
Determine the Configuration Master version to use for each Web Security appliance. See
.
Step 4
Security Management appliance. Enable and configure Centralized Configuration Management. See