Home > Cisco > Computer Equipment > Cisco Asdm 7 User Guide

Cisco Asdm 7 User Guide

Add to Favourites
    Download as PDF

    Here you can view all the pages of manual Cisco Asdm 7 User Guide. The Cisco manuals for Computer Equipment are available online for free. You can easily download all the documents as PDF.

    Overview View all the pages Comments

    Page 581

    Page 581 25-13 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 25 Configuring the ASA for Cisco Cloud Web Security Configuring Cisco Cloud Web Security d.In the Name field, specify a name for the inspection policy map, up to 40 characters in length. e.(Optional) Enter a description. f.(Optional) On the Parameters tab, specify a Default User and/or a Default Group. If the ASA cannot determine the identity of the user coming into the ASA, then the default user and/or group is applied. g.For... 
     
25-13
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 25      Configuring the ASA for Cisco Cloud Web Security
  Configuring Cisco Cloud Web Security
d.In the Name field, specify a name for the inspection policy map, up to 40 characters in length.
e.(Optional) Enter a description.
f.(Optional) On the Parameters tab, specify a Default User and/or a Default Group. If the ASA cannot 
determine the identity of the user coming into the ASA, then the default user and/or group is applied.
g.For...

    Page 582

    Page 582 25-14 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 25 Configuring the ASA for Cisco Cloud Web Security Configuring Cisco Cloud Web Security –Click Add to choose the inspection class map you created in the “(Optional) Configuring Whitelisted Traffic” section on page 25-23. The Add Cloud Web Security Match Criterion dialog box appears. –From the Cloud Web Security Traffic Class drop-down menu, choose an inspection class map. To add or edit a class map, click Manage. –For the... 
     
25-14
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 25      Configuring the ASA for Cisco Cloud Web Security
  Configuring Cisco Cloud Web Security
–Click Add to choose the inspection class map you created in the “(Optional) Configuring 
Whitelisted Traffic” section on page 25-23.
The Add Cloud Web Security Match Criterion dialog box appears.
–From the Cloud Web Security Traffic Class drop-down menu, choose an inspection class map.
To add or edit a class map, click Manage.
–For the...

    Page 583

    Page 583 25-15 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 25 Configuring the ASA for Cisco Cloud Web Security Configuring Cisco Cloud Web Security c.On the Traffic Classification Criteria dialog box, choose Add Rule to Existing Traffic Class, and choose the name you created in Step 3. Click Next. d.In the Traffic Match - Source and Destination dialog box, choose Match to add inspect additional traffic, or Do Not Match to exempt traffic from Cloud Web Security inspections. Be sure to... 
     
25-15
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 25      Configuring the ASA for Cisco Cloud Web Security
  Configuring Cisco Cloud Web Security
c.On the Traffic Classification Criteria dialog box, choose Add Rule to Existing Traffic Class, and 
choose the name you created in Step 3. Click Next.
d.In the Traffic Match - Source and Destination dialog box, choose Match to add inspect additional 
traffic, or Do Not Match to exempt traffic from Cloud Web Security inspections. Be sure to...

    Page 584

    Page 584 25-16 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 25 Configuring the ASA for Cisco Cloud Web Security Configuring Cisco Cloud Web Security e.On the Rule Actions dialog box, do not make any changes; click Finish. For this traffic class, you can have only one set of rule actions even if you add multiple ACEs, so the previously-specified actions are inherited. Step 8Repeat this entire procedure to create an additional traffic class, for example for HTTPS traffic. You can create... 
     
25-16
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 25      Configuring the ASA for Cisco Cloud Web Security
  Configuring Cisco Cloud Web Security
e.On the Rule Actions dialog box, do not make any changes; click Finish. For this traffic class, you 
can have only one set of rule actions even if you add multiple ACEs, so the previously-specified 
actions are inherited.
Step 8Repeat this entire procedure to create an additional traffic class, for example for HTTPS traffic. You can 
create...

    Page 585

    Page 585 25-17 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 25 Configuring the ASA for Cisco Cloud Web Security Configuring Cisco Cloud Web Security Step 10Click Apply. Examples The following example exempts all IPv4 HTTP and HTTPS traffic going to the 10.6.6.0/24 (test_network), and sends all other HTTPS and HTTPS traffic to Cloud Web Security, and applies this service policy rule to all interfaces as part of the existing global policy. If the Cloud Web Security server is unreachable,... 
     
25-17
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 25      Configuring the ASA for Cisco Cloud Web Security
  Configuring Cisco Cloud Web Security
Step 10Click Apply.
Examples
The following example exempts all IPv4 HTTP and HTTPS traffic going to the 10.6.6.0/24 
(test_network), and sends all other HTTPS and HTTPS traffic to Cloud Web Security, and applies this 
service policy rule to all interfaces as part of the existing global policy. If the Cloud Web Security server 
is unreachable,...

    Page 586

    Page 586 25-18 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 25 Configuring the ASA for Cisco Cloud Web Security Configuring Cisco Cloud Web Security Step 2Add a new traffic class called “scansafe-http,” and specify an ACL for traffic matching: Step 3Choose Match, and specify any4 for the Source and Destination. Specify tcp/http for the Service. 
     
25-18
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 25      Configuring the ASA for Cisco Cloud Web Security
  Configuring Cisco Cloud Web Security
Step 2Add a new traffic class called “scansafe-http,” and specify an ACL for traffic matching:
Step 3Choose Match, and specify any4 for the Source and Destination. Specify tcp/http for the Service.

    Page 587

    Page 587 25-19 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 25 Configuring the ASA for Cisco Cloud Web Security Configuring Cisco Cloud Web Security Step 4Check Cloud Web Security and click Configure. Step 5Accept the default Fail Close action, and click Add. 
     
25-19
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 25      Configuring the ASA for Cisco Cloud Web Security
  Configuring Cisco Cloud Web Security
Step 4Check Cloud Web Security and click Configure.
Step 5Accept the default Fail Close action, and click Add.

    Page 588

    Page 588 25-20 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 25 Configuring the ASA for Cisco Cloud Web Security Configuring Cisco Cloud Web Security Step 6Name the inspection policy map “http-map,” set the Default User to Boulder and the default group to Cisco. Choose HTTP. Step 7Click OK, OK, and then Finish. The rule is added to the Service Policy Rules table. Step 8Choose Configuration > Firewall > Service Policy Rules, and click Add > Service Policy Rule. Add the new rule to the... 
     
25-20
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 25      Configuring the ASA for Cisco Cloud Web Security
  Configuring Cisco Cloud Web Security
Step 6Name the inspection policy map “http-map,” set the Default User to Boulder and the default group to 
Cisco. Choose HTTP.
Step 7Click OK, OK, and then Finish. The rule is added to the Service Policy Rules table.
Step 8Choose Configuration > Firewall > Service Policy Rules, and click Add > Service Policy Rule. Add 
the new rule to the...

    Page 589

    Page 589 25-21 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 25 Configuring the ASA for Cisco Cloud Web Security Configuring Cisco Cloud Web Security Step 9Click Add rule to existing traffic class, and choose scansafe-http. Step 10Choose Do not match, set any4 as the Source, and 10.6.6.0/24 as the Destination. Set the Service to tcp/http. 
     
25-21
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 25      Configuring the ASA for Cisco Cloud Web Security
  Configuring Cisco Cloud Web Security
Step 9Click Add rule to existing traffic class, and choose scansafe-http.
Step 10Choose Do not match, set any4 as the Source, and 10.6.6.0/24 as the Destination. Set the Service to 
tcp/http.

    Page 590

    Page 590 25-22 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 25 Configuring the ASA for Cisco Cloud Web Security Configuring Cisco Cloud Web Security Step 11Click Finish. Step 12Reorder the rules so the Do not match rule is above the Match rule. 
     
25-22
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 25      Configuring the ASA for Cisco Cloud Web Security
  Configuring Cisco Cloud Web Security
Step 11Click Finish.
Step 12Reorder the rules so the Do not match rule is above the Match rule.
    Start reading Cisco Asdm 7 User Guide
    All Cisco manuals