
Cisco Asdm 7 User Guide


Page 571

 
25-3
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 25      Configuring the ASA for Cisco Cloud Web Security
  Information About Cisco Cloud Web Security
The ASA supports the following methods of determining the identity of a user, or of providing a default 
identity:
AAA rules—When the ASA performs user authentication using a AAA rule, the username is 
retrieved from the AAA server or local database. Identity from AAA rules does not include group 
information. If configured, the default...

Page 572

 
For more information, see the Cloud Web Security documentation: 
http://www.cisco.com/en/US/products/ps11720/products_installation_and_configuration_guides_list.html.
ScanCenter Policy
In ScanCenter, traffic is matched against policy rules in order until a rule is matched. Cloud Web Security 
then applies the configured action for the...

Page 573

 
–AAA usernames, when using RADIUS or TACACS+, are sent in the following format:
LOCAL\username
–AAA usernames, when using LDAP, are sent in the following format:
domain-name\username
–For the default username, it is sent in the following format:
[domain-name\]username
For example, if you configure the default username to be “Guest,” then...

Page 574

 
  Licensing Requirements for Cisco Cloud Web Security
Bypassing Scanning with Whitelists
If you use AAA rules or IDFW, you can configure the ASA so that web traffic from specific users or 
groups that otherwise match the service policy rule is not redirected to the Cloud Web Security proxy 
server for scanning. When you bypass Cloud Web Security scanning, the ASA retrieves the...

Page 575

 
On the Cloud Web Security side, you must purchase a Cisco Cloud Web Security license and identify 
the number of users that the ASA handles. Then log into ScanCenter, and generate your authentication 
keys.
Prerequisites for Cloud Web Security
(Optional) User Authentication Prerequisites
To send user identity information to Cloud Web Security,...

Page 576

 
  Default Settings
When an interface to the Cloud Web Security proxy servers goes down, output from the show 
scansafe server command shows both servers up for approximately 15-25 minutes. This condition 
may occur because the polling mechanism is based on the active connection, and because that 
interface is down, it shows zero connection, and it takes the longest poll time...

Page 577

 
25-9
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 25      Configuring the ASA for Cisco Cloud Web Security
  Configuring Cisco Cloud Web Security
Detailed Steps
Step 1 Choose Configuration > Device Management > Cloud Web Security.
Step 2 In the Primary Server area, enter the following:
IP Address/Domain Name—Enter the IPv4 address or FQDN of the primary server.
HTTP Port—Enter the HTTP port of the primary server (port to which traffic must be redirected). 
By default the port is 8080; do...

Page 578

 
(Multiple Context Mode) Allowing Cloud Web Security Per Security Context
In multiple context mode, you must allow Cloud Web Security per context. See the “Configuring a 
Security Context” section on page 8-21 in the general operations configuration guide.
Note: You must configure a route pointing to the Scansafe towers in both; the admin...

Page 579

 
When you create a new traffic class of this type, you can only specify one access control entry (ACE) 
initially. After you finish adding the rule, you can add additional ACEs by adding a new rule to the same 
interface or global policy, and then specifying Add rule to existing traffic class on the Traffic 
Classification dialog box.
The...

Page 580

 
Step 4 On the Protocol Inspection tab, check the Cloud Web Security check box.
Step 5 Click Configure to set the traffic action (fail open or fail close) and add the inspection policy map.
The inspection policy map configures essential parameters for the rule and also optionally identifies the 
whitelist. An inspection policy map is required...