Cisco Web Security Appliance S660 Release Notes
Release Notes for Cisco IronPort AsyncOS 7.7.0 for Web (All Builds After Build 725)
7.7.0
New Features in Cisco IronPort AsyncOS 7.7 for Web
Feature
Description
New Features
Multi-Forest NTLM
Configure the Web Security Appliance to authenticate users from multiple
untrusted NTLM realms. Sometimes creating trust relationships between distinct
NTLM realms is not practical. You can now support these configurations using the
same WSA without expending the cost and effort associated with enabling NTLM
trust.
Authenticate users from multiple NTLM realms if those realms possess a trust
relationship. Create multiple identity policies using these untrusted NTLM realms
and then configure user and group policies associated with these identities. See
Authenticating Users Against Multiple Active Directory Domains in the user guide
or online help.
Software-based FIPS Level 1 Compliance
The Federal Information Processing Standard (FIPS) 140-2 is a publicly announced
standard developed jointly by the United States and Canadian federal governments
specifying requirements for cryptographic modules that are used by all government
agencies to protect sensitive but unclassified information. With AsyncOS 7.7 for
Web, FIPS 140-2 Level 1 compliance can be enabled via a few simple steps in the
Web Security Appliance GUI.
This feature utilizes the Cisco Common Crypto Module (C3M) rather than the
previously used Hardware Security Module (HSM) for all cryptographic operations
and it will be available via AsyncOS 7.7 for Web running on all currently supported
hardware models. See FIPS Compliance in the user guide or online help.
SOCKS Proxy
Support for SOCKS-based applications, including Bloomberg Terminals. Define
SOCKS-specific user and group policies as well as specific TCP and UDP
destination ports. SOCKS logs and reports allow you to track and analyze SOCKS
proxy usage. See Overview of SOCKS Proxy Services in the user guide or online
help.
Custom Header Insertion
Insert custom request headers. Certain websites such as YouTube for Schools
require that web requests to their domains be appended with customized header
strings. In the case of YouTube for Schools, an account-specific string must be sent
with each request to YouTube’s domains so that YouTube can recognize users from
a Schools account and serve content accordingly. This function allows you to utilize
the CLI to specify the custom header string and the domains for which requests will
be appended. See “Custom Headers” in the user guide or online help.
OCSP
Use the Online Certificate Status Protocol (OCSP) to provide revocation status
updates for X.509 certificates. OCSP provides a more timely means of validation
for certificates than the alternative Certificate Revocation Lists (CRL).
Currently, the administrator can configure the invalid certificate handling policies
under the HTTPS Proxy page. Enable/disable OCSP and configure new OCSP
policies using the Web UI. Configure timeout values, and select a configured
upstream proxy group. Configure a list of exempt servers that WSA will connect to
directly without using the upstream proxy. See Enabling Real-Time Revocation
Status Checking in the user guide or online help.