Home > Cisco > Computer Equipment > Cisco Asdm 7 User Guide

Cisco Asdm 7 User Guide

Add to Favourites
    Download as PDF

    Here you can view all the pages of manual Cisco Asdm 7 User Guide. The Cisco manuals for Computer Equipment are available online for free. You can easily download all the documents as PDF.

    Overview View all the pages Comments

    Page 591

    Page 591 25-23 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 25 Configuring the ASA for Cisco Cloud Web Security Configuring Cisco Cloud Web Security User traffic is compared to these rules in order; if this Match rule is first in the list, then all traffic, including traffic to test_network, will match only that rule and the Do not match rule will never be hit. If you move the Do not match rule above the Match rule, then traffic to test_network will match the Do not match rule, and all... 
     
25-23
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 25      Configuring the ASA for Cisco Cloud Web Security
  Configuring Cisco Cloud Web Security
User traffic is compared to these rules in order; if this Match rule is first in the list, then all traffic, 
including traffic to test_network, will match only that rule and the Do not match rule will never be hit. 
If you move the Do not match rule above the Match rule, then traffic to test_network will match the Do 
not match rule, and all...

    Page 592

    Page 592 25-24 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 25 Configuring the ASA for Cisco Cloud Web Security Configuring Cisco Cloud Web Security Detailed Steps Step 1Choose Configuration > Firewall > Objects > Class Maps > Cloud Web Security. Step 2Click Add to create a new class map. The Add Cloud Web Security Traffic Class Map screen appears. Step 3In the Name field, enter the name of the new class map (40 characters or less). Step 4In the Description field, provide a description... 
     
25-24
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 25      Configuring the ASA for Cisco Cloud Web Security
  Configuring Cisco Cloud Web Security
Detailed Steps
Step 1Choose Configuration > Firewall > Objects > Class Maps > Cloud Web Security.
Step 2Click Add to create a new class map.
The Add Cloud Web Security Traffic Class Map screen appears.
Step 3In the Name field, enter the name of the new class map (40 characters or less).
Step 4In the Description field, provide a description...

    Page 593

    Page 593 25-25 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 25 Configuring the ASA for Cisco Cloud Web Security Configuring Cisco Cloud Web Security Step 11Click OK to add the class map. Step 12Click Apply. Step 13Use the whitelist in the Cloud Web Security policy according to the “Configuring a Service Policy to Send Traffic to Cloud Web Security” section on page 25-10. (Optional) Configuring the User Identity Monitor When you use IDFW, the ASA only downloads user identity information... 
     
25-25
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 25      Configuring the ASA for Cisco Cloud Web Security
  Configuring Cisco Cloud Web Security
Step 11Click OK to add the class map.
Step 12Click Apply.
Step 13Use the whitelist in the Cloud Web Security policy according to the “Configuring a Service Policy to 
Send Traffic to Cloud Web Security” section on page 25-10.
(Optional) Configuring the User Identity Monitor
When you use IDFW, the ASA only downloads user identity information...

    Page 594

    Page 594 25-26 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 25 Configuring the ASA for Cisco Cloud Web Security Monitoring Cloud Web Security Repeat for additional groups. Step 6After you add the groups you want to monitor, click Apply. Configuring the Cloud Web Security Policy After you configure the ASA service policy rules, launch the ScanCenter Portal to configure Web content scanning, filtering, malware protection services, and reports. Detailed Steps Go to:... 
     
25-26
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 25      Configuring the ASA for Cisco Cloud Web Security
  Monitoring Cloud Web Security
Repeat for additional groups.
Step 6After you add the groups you want to monitor, click Apply.
Configuring the Cloud Web Security Policy
After you configure the ASA service policy rules, launch the ScanCenter Portal to configure Web content 
scanning, filtering, malware protection services, and reports.
Detailed Steps
Go to:...

    Page 595

    Page 595 25-27 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 25 Configuring the ASA for Cisco Cloud Web Security Related Documents Related Documents Feature History for Cisco Cloud Web Security Table 25-1 lists each feature change and the platform release in which it was implemented. ASDM is backwards-compatible with multiple platform releases, so the specific ASDM release in which support was added is not listed. Related Documents URL Cisco ScanSafe Cloud Web Security Configuration... 
     
25-27
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 25      Configuring the ASA for Cisco Cloud Web Security
  Related Documents
Related Documents 
Feature History for Cisco Cloud Web Security
Table 25-1 lists each feature change and the platform release in which it was implemented. ASDM is 
backwards-compatible with multiple platform releases, so the specific ASDM release in which support 
was added is not listed. Related Documents URL
Cisco ScanSafe Cloud Web Security Configuration...

    Page 596

    Page 596 25-28 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 25 Configuring the ASA for Cisco Cloud Web Security Feature History for Cisco Cloud Web Security 
     
25-28
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 25      Configuring the ASA for Cisco Cloud Web Security
  Feature History for Cisco Cloud Web Security

    Page 597

    Page 597 CH A P T E R 26-1 Cisco ASA Series Firewall ASDM Configuration Guide 26 Configuring the Botnet Traffic Filter Malware is malicious software that is installed on an unknowing host. Malware that attempts network activity such as sending private data (passwords, credit card numbers, key strokes, or proprietary data) can be detected by the Botnet Traffic Filter when the malware starts a connection to a known bad IP address. The Botnet Traffic Filter checks incoming and outgoing connections against a... 
    CH A P T E R
 
26-1
Cisco ASA Series Firewall ASDM Configuration Guide
 
26
Configuring the Botnet Traffic Filter
Malware is malicious software that is installed on an unknowing host. Malware that attempts network 
activity such as sending private data (passwords, credit card numbers, key strokes, or proprietary data) 
can be detected by the Botnet Traffic Filter when the malware starts a connection to a known bad IP 
address. The Botnet Traffic Filter checks incoming and outgoing connections against a...

    Page 598

    Page 598 26-2 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 26 Configuring the Botnet Traffic Filter Information About the Botnet Traffic Filter Botnet Traffic Filter Databases, page 26-2 How the Botnet Traffic Filter Works, page 26-5 Botnet Traffic Filter Address Types Addresses monitored by the Botnet Traffic Filter include: Known malware addresses—These addresses are on the blacklist identified by the dynamic database and the static blacklist. Known allowed addresses—These addresses... 
     
26-2
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 26      Configuring the Botnet Traffic Filter
  Information About the Botnet Traffic Filter
Botnet Traffic Filter Databases, page 26-2
How the Botnet Traffic Filter Works, page 26-5
Botnet Traffic Filter Address Types
Addresses monitored by the Botnet Traffic Filter include:
Known malware addresses—These addresses are on the blacklist identified by the dynamic database 
and the static blacklist.
Known allowed addresses—These addresses...

    Page 599

    Page 599 26-3 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 26 Configuring the Botnet Traffic Filter Information About the Botnet Traffic Filter 3.In some cases, the IP address itself is supplied in the dynamic database, and the Botnet Traffic Filter logs or drops any traffic to that IP address without having to inspect DNS requests. Database Files The database files are downloaded from the Cisco update server, and then stored in running memory; they are not stored in flash memory. Be... 
     
26-3
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 26      Configuring the Botnet Traffic Filter
  Information About the Botnet Traffic Filter
3.In some cases, the IP address itself is supplied in the dynamic database, and the Botnet Traffic Filter 
logs or drops any traffic to that IP address without having to inspect DNS requests.
Database Files
The database files are downloaded from the Cisco update server, and then stored in running memory; 
they are not stored in flash memory. Be...

    Page 600

    Page 600 26-4 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 26 Configuring the Botnet Traffic Filter Information About the Botnet Traffic Filter When you add a domain name to the static database, the ASA waits 1 minute, and then sends a DNS request for that domain name and adds the domain name/IP address pairing to the DNS host cache. (This action is a background process, and does not affect your ability to continue configuring the ASA). We recommend also enabling DNS packet inspection... 
     
26-4
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 26      Configuring the Botnet Traffic Filter
  Information About the Botnet Traffic Filter
When you add a domain name to the static database, the ASA waits 1 minute, and then sends a DNS 
request for that domain name and adds the domain name/IP address pairing to the DNS host cache. (This 
action is a background process, and does not affect your ability to continue configuring the ASA). We 
recommend also enabling DNS packet inspection...
    Start reading Cisco Asdm 7 User Guide
    All Cisco manuals