Cisco Cisco Web Security Appliance S690 用户指南
7-31
Cisco IronPort AsyncOS 7.0 for Web User Guide
OL-23079-01
Chapter 7 Identities
Example Identity Policies Tables
•
All users (authenticated and unauthenticated users). You can configure
this policy group to apply to every user in every Identity group. This option
only appears when you choose All Identities. When you apply the policy
group to all users, you must specify at least one advanced option to
distinguish this policy group from the global policy.
this policy group to apply to every user in every Identity group. This option
only appears when you choose All Identities. When you apply the policy
group to all users, you must specify at least one advanced option to
distinguish this policy group from the global policy.
Step 6
Optionally, if you configured specific Identity groups, you can add another
Identity group to this policy group by clicking Add Identity.
Identity group to this policy group by clicking Add Identity.
Step 7
If you add another Identity group, repeat steps
through
Step 8
Submit and commit your changes.
Example Identity Policies Tables
This section shows some sample Identity groups defined in an Identity policies
table and describes how the Web Proxy evaluates different client requests using
each Identity policies table.
table and describes how the Web Proxy evaluates different client requests using
each Identity policies table.
Example 1
shows an Identity policies table with three user defined Identity groups.
The first Identity group applies to a particular subnet and does not require
authentication. The second Identity group applies to all subnets and requests for
URLs in the “Proxies & Translators” category, and requires authentication on
RealmA. The third Identity group applies to all subnets, has no advanced options
defined, and requires authentication on RealmA. The global Identity policy
applies to all subnets (by definition) and does not require authentication.
authentication. The second Identity group applies to all subnets and requests for
URLs in the “Proxies & Translators” category, and requires authentication on
RealmA. The third Identity group applies to all subnets, has no advanced options
defined, and requires authentication on RealmA. The global Identity policy
applies to all subnets (by definition) and does not require authentication.
Table 7-4
Policies Table Example 1
Order
Subnet(s)
Authentication
Required?
Required?
Realm or
Sequence
Sequence
Advanced
Options
Options
1
10.1.1.1
No
N/A
none
2
All
Yes
RealmA
URL Category
is “Proxies &
Translators”
is “Proxies &
Translators”