Cisco Cisco Content Security Management Appliance M160 用户指南
9-10
AsyncOS 9.0 for Cisco Content Security Management Appliances User Guide
Chapter 9 Managing Web Security Appliances
Initializing and Configuring Configuration Masters
Tip for Working with Identities in Configuration Masters
When creating an Identity on the Security Management appliance, you have the option of making it
apply only to specific appliances. So for example, if you purchase a Security Management appliance and
want to preserve the existing Web Security appliance configurations and the policies that were created
for each Web Security appliance, you must load one file into the machine, and then add policies from
other machines by hand.
apply only to specific appliances. So for example, if you purchase a Security Management appliance and
want to preserve the existing Web Security appliance configurations and the policies that were created
for each Web Security appliance, you must load one file into the machine, and then add policies from
other machines by hand.
One way to accomplish this is to make a set of Identities for each appliance, then have policies which
refer to those Identities. When the Security Management appliance publishes the configuration, those
Identities and the policies which refer to them will automatically be removed and disabled. Using this
method, you do not have to configure anything manually. This is essentially a ‘per-appliance’ identity.
refer to those Identities. When the Security Management appliance publishes the configuration, those
Identities and the policies which refer to them will automatically be removed and disabled. Using this
method, you do not have to configure anything manually. This is essentially a ‘per-appliance’ identity.
The only challenge with this method is if you have a default policy or Identity that differs between sites.
For example, if you have a policy set for “default allow with auth” at one site and a “default deny” at
another. At this point you will need to create per-appliance Identities and policies just above the default;
essentially creating your own “default” policy.
For example, if you have a policy set for “default allow with auth” at one site and a “default deny” at
another. At this point you will need to create per-appliance Identities and policies just above the default;
essentially creating your own “default” policy.
Ensuring that Features are Enabled Consistently
Before you publish a Configuration Master, you should ensure that it will publish and that the intended
features will be enabled and configured as you expect them to be after publishing.
features will be enabled and configured as you expect them to be after publishing.
To do this, do both of the following:
•
•
Note
If multiple Web Security appliances with different features enabled are assigned to the same
Configuration Master, you should publish to each appliance separately, and perform these procedures
before each publish.
Configuration Master, you should publish to each appliance separately, and perform these procedures
before each publish.
Comparing Enabled Features
Verify that the features enabled on each Web Security appliance match the features enabled for the
Configuration Master associated with that appliance.
Configuration Master associated with that appliance.
Note
If multiple Web Security appliances with different features enabled are assigned to the same
Configuration Master, you should publish to each appliance separately, and perform this check before
each publish.
Configuration Master, you should publish to each appliance separately, and perform this check before
each publish.
Procedure
Step 1
On the Security Management appliance, choose Web > Utilities > Web Appliance Status.
Step 2
Click the name of a Web Security appliance to which you will publish a Configuration Master.
Step 3
Scroll to the Security Services table.
Step 4
Verify that the Feature Keys for all enabled features are active and not expired.
Step 5
Compare the settings in the Services columns: