Белая книга для Cisco Cisco ScanSafe Web Security
Cisco CWS
– ASA 5500 Deployment Guide
7
Test
Deploy
Prepare
Figure 2.5
Finally, a service policy will be created to activate the above policy map for the inside interface.
However, if Cloud Web Security should be activated on all interfaces, the policy map pmap-
webtraffic should be applied to internal interfaces.
However, if Cloud Web Security should be activated on all interfaces, the policy map pmap-
webtraffic should be applied to internal interfaces.
Figure 2.6
Step 3:
Verify the ASA is not filtering by browsing to
. You should get the
expected output ‘User is not currently using the service.’
Step 4:
Enter enable mode and configure terminal mode. With a simple copy and paste, all of these
configuration commands are immediately applied.
Figure 2.7
Step 5:
Before writing to memory, test web browsing from a client by browsing to
. Note that information on the client is returned, but not the logged on user.
User identity will be explained in a later tutorial.
Configure ACL whitelisting
The concept of ACL whitelisting is to identify a source and/or destination host or network that should
bypass Cloud Web Security filtering.
bypass Cloud Web Security filtering.
As you start using the Cloud Web Security solution, you may inevitably discover some mission critical
web-based services are not compatible with a proxy. These would need to be whitelisted. Examples
include a software update server hosted internally that s
web-based services are not compatible with a proxy. These would need to be whitelisted. Examples
include a software update server hosted internally that s
ynchronizes with a vendor’s software repository
or an external financial service that performs IP authentication.