Cisco Systems, Inc.
www.cisco.com
Cisco has more than 200 offices worldwide.
Addresses, phone numbers, and fax numbers
are listed on the Cisco website at
www.cisco.com/go/offices.
AsyncOS 10.6 for Cisco Web Security
Appliances User Guide
Published: June 7, 2019
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL
STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT
WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT
SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE
OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/).
This product includes cryptographic software written by Eric Young (eay@cryptsoft.com).
This product includes software written by Tim Hudson (tjh@cryptsoft.com).
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public
domain version of the UNIX operating system. All rights reserved. Copyright 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH
ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT
LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF
DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING,
WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO
OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this
URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership
relationship between Cisco and any other company. (1110R)
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display
output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in
illustrative content is unintentional and coincidental.
AsyncOS 10.6 for Cisco Web Security Appliances User Guide
© 2019 Cisco Systems, Inc. All rights reserved.
1
AsyncOS 10.6 for Cisco Web Security Appliances User Guide
CONTENTS
CHAPTER
1Introduction to the Product and the Release 1-1
Introduction to the Web Security Appliance 1-1
What’s New 1-1
Related Topics 1-1
Using the Appliance Web Interface 1-2
Web Interface Browser Requirements 1-2
Enabling Access to the Web Interface on Virtual Appliances 1-2
Accessing the Appliance Web Interface 1-3
Committing Changes in the Web Interface 1-3
Clearing Changes in the Web Interface 1-4
The Cisco SensorBase Network 1-4
SensorBase Benefits and Privacy 1-4
Enabling Participation in The Cisco SensorBase Network 1-4
CHAPTER
2Connect, Install, and Configure 2-1
Overview of Connect, Install, and Configure 2-1
Deploying a Virtual Appliance 2-2
Migrating from a Physical to a Virtual Appliance 2-2
Comparison of Modes of Operation 2-2
Task Overview for Connecting, Installing, and Configuring 2-5
Connecting the Appliance 2-6
Gathering Setup Information 2-8
System Setup Wizard 2-10
System Setup Wizard Reference Information 2-11
Network / System Settings 2-11
Network / Network Context 2-12
Network / Cloud Connector Settings 2-12
Network / Network Interfaces and Wiring 2-13
Network / Layer 4 Traffic Monitor Wiring 2-13
Network / Routes for Management and Data Traffic 2-14
Network / Transparent Connection Settings 2-14
Network /Administrative Settings 2-15
Contents
2
AsyncOS 10.6 for Cisco Web Security Appliances User Guide
Security / Security Settings 2-16
Upstream Proxies 2-16
Upstream Proxies Task Overview 2-17
Creating Proxy Groups for Upstream Proxies 2-17
Network Interfaces 2-18
IP Address Versions 2-18
Enabling or Changing Network Interfaces 2-19
Configuring Failover Groups for High Availability 2-21
Add Failover Group 2-21
Edit High Availability Global Settings 2-22
View Status of Failover Groups 2-22
Using the P2 Data Interface for Web Proxy Data 2-23
Configuring TCP/IP Traffic Routes 2-24
Modifying the Default Route 2-25
Adding a Route 2-25
Saving and Loading Routing Tables 2-25
Deleting a Route 2-25
Configuring Transparent Redirection 2-26
Specifying a Transparent Redirection Device 2-26
Using An L4 Switch 2-26
Configuring WCCP Services 2-27
Increasing Interface Capacity Using VLANs 2-31
Configuring and Managing VLANs 2-31
Redirect Hostname and System Hostname 2-34
Changing the Redirect Hostname 2-34
Changing the System Hostname 2-34
Configuring SMTP Relay Host Settings 2-34
Configuring an SMTP Relay Host 2-35
DNS Settings 2-35
Split DNS 2-35
Clearing the DNS Cache 2-36
Editing DNS Settings 2-36
Troubleshooting Connect, Install, and Configure 2-37
CHAPTER
3Connect the Appliance to a Cisco Cloud Web Security Proxy 3-1
How to Configure and Use Features in Cloud Connector Mode 3-1
Deployment in Cloud Connector Mode 3-2
Configuring the Cloud Connector 3-2
Contents
3
AsyncOS 10.6 for Cisco Web Security Appliances User Guide
Controlling Web Access Using Directory Groups in the Cloud 3-5
Bypassing the Cloud Proxy Server 3-5
Partial Support for FTP and HTTPS in Cloud Connector Mode 3-5
Preventing Loss of Secure Data 3-6
Viewing Group and User Names and IP Addresses 3-6
Subscribing to Cloud Connector Logs 3-6
Identification Profiles and Authentication with Cloud Web Security Connector 3-7
Identifying Machines for Policy Application 3-7
Guest Access for Unauthenticated Users 3-8
CHAPTER
4Intercepting Web Requests 4-1
Overview of Intercepting Web Requests 4-1
Tasks for Intercepting Web Requests 4-2
Best Practices for Intercepting Web Requests 4-2
Web Proxy Options for Intercepting Web Requests 4-3
Configuring Web Proxy Settings 4-3
Web Proxy Cache 4-5
Clearing the Web Proxy Cache 4-6
Removing URLs from the Web Proxy Cache 4-6
Specifying Domains or URLs that the Web Proxy never Caches 4-6
Choosing The Web Proxy Cache Mode 4-7
Web Proxy IP Spoofing 4-8
Web Proxy Custom Headers 4-9
Adding Custom Headers To Web Requests 4-9
Web Proxy Bypassing 4-10
Web Proxy Bypassing for Web Requests 4-10
Configuring Web Proxy Bypassing for Web Requests 4-10
Configuring Web Proxy Bypassing for Applications 4-11
Web Proxy Usage Agreement 4-11
Client Options for Redirecting Web Requests 4-11
Using PAC Files with Client Applications 4-12
Options For Publishing Proxy Auto-Config (PAC) Files 4-12
Client Options For Finding Proxy Auto-Config (PAC) Files 4-12
Automatic PAC File Detection 4-12
Hosting PAC Files on the Web Security Appliance 4-12
Specifying PAC Files in Client Applications 4-13
Configuring a PAC File Location Manually in Clients 4-13
Detecting the PAC File Automatically in Clients 4-14
Contents
4
AsyncOS 10.6 for Cisco Web Security Appliances User Guide
FTP Proxy Services 4-14
Overview of FTP Proxy Services 4-14
Enabling and Configuring the FTP Proxy 4-15
SOCKS Proxy Services 4-16
Overview of SOCKS Proxy Services 4-16
Enabling Processing of SOCKS Traffic 4-17
Configuring the SOCKS Proxy 4-17
Creating SOCKS Policies 4-17
Troubleshooting Intercepting Requests 4-18
CHAPTER
5Acquire End-User Credentials 5-1
Overview of Acquire End-User Credentials 5-1
Authentication Task Overview 5-2
Authentication Best Practices 5-2
Authentication Planning 5-3
Active Directory/Kerberos 5-4
Active Directory/Basic 5-5
Active Directory/NTLMSSP 5-6
LDAP/Basic 5-6
Identifying Users Transparently 5-6
Understanding Transparent User Identification 5-7
Rules and Guidelines for Transparent User Identification 5-9
Configuring Transparent User Identification 5-10
Using the CLI to Configure Advanced Transparent User Identification Settings 5-10
Configuring Single-Sign-on 5-11
Creating a Service Account in Windows Active Directory for Kerberos Authentication in High
Availability Deployments 5-11
Authentication Realms 5-13
External Authentication 5-14
Configuring External Authentication through an LDAP Server 5-14
Enabling RADIUS External Authentication 5-14
Enabling Certificate Based Authentication 5-14
Creating an Active Directory Realm for Kerberos Authentication Scheme 5-15
How to Create an Active Directory Authentication Realm (NTLMSSP and Basic) 5-18
Prerequisites for Creating an Active Directory Authentication Realm (NTLMSSP and Basic) 5-18
About Using Multiple NTLM Realms and Domains 5-18
Creating an Active Directory Authentication Realm (NTLMSSP and Basic) 5-19
Creating an LDAP Authentication Realm 5-20
About Deleting Authentication Realms 5-25
Contents
5
AsyncOS 10.6 for Cisco Web Security Appliances User Guide
Configuring Global Authentication Settings 5-25
Authentication Sequences 5-30
About Authentication Sequences 5-31
Creating Authentication Sequences 5-31
Editing And Reordering Authentication Sequences 5-32
Deleting Authentication Sequences 5-32
Failed Authentication 5-32
About Failed Authentication 5-33
Bypassing Authentication with Problematic User Agents 5-33
Bypassing Authentication 5-35
Permitting Unauthenticated Traffic While Authentication Service is Unavailable 5-35
Granting Guest Access After Failed Authentication 5-35
Define an Identification Profile that Supports Guest Access 5-36
Use an Identification Profile that Supports Guest Access in a Policy 5-36
Configure How Guest User Details are Logged 5-36
Failed Authorization: Allowing Re-Authentication with Different Credentials 5-37
About Allowing Re-Authentication with Different Credentials 5-37
Allowing Re-Authentication with Different Credentials 5-37
Tracking Identified Users 5-37
Supported Authentication Surrogates for Explicit Requests 5-38
Supported Authentication Surrogates for Transparent Requests 5-38
Tracking Re-Authenticated Users 5-38
Credentials 5-39
Tracking Credentials for Reuse During a Session 5-39
Authentication and Authorization Failures 5-40
Credential Format 5-40
Credential Encryption for Basic Authentication 5-40
About Credential Encryption for Basic Authentication 5-40
Configuring Credential Encryption 5-40
Troubleshooting Authentication 5-41
CHAPTER
6Classify End-Users and Client Software 6-1
Overview of Classify Users and Client Software 6-1
Classify Users and Client Software: Best Practices 6-2
Identification Profile Criteria 6-2
Classifying Users and Client Software 6-3
Enable/Disable an Identity 6-8
Identification Profiles and Authentication 6-8
Contents
6
AsyncOS 10.6 for Cisco Web Security Appliances User Guide
Troubleshooting Identification Profiles 6-10
CHAPTER
7SaaS Access Control 7-1
Overview of SaaS Access Control 7-1
Configuring the Appliance as an Identity Provider 7-2
Using SaaS Access Control and Multiple Appliances 7-4
Creating SaaS Application Authentication Policies 7-4
Configuring End-user Access to the Single Sign-on URL 7-6
CHAPTER
8Integrate the Cisco Identity Services Engine 8-1
Overview of the Identity Services Engine Service 8-1
About pxGrid 8-1
About the ISE Server Deployment and Failover 8-2
Identity Services Engine Certificates 8-2
Using Self-signed Certificates 8-3
Using CA-signed Certificates 8-3
Tasks for Certifying and Integrating the ISE Service 8-3
Connect to the ISE Services 8-6
Troubleshooting Identity Services Engine Problems 8-7
CHAPTER
9Classify URLs for Policy Application 9-1
Overview of Categorizing URL Transactions 9-1
Categorization of Failed URL Transactions 9-2
Enabling the Dynamic Content Analysis Engine 9-2
Uncategorized URLs 9-2
Matching URLs to URL Categories 9-3
Reporting Uncategorized and Misclassified URLs 9-3
URL Categories Database 9-3
Configuring the URL Filtering Engine 9-4
Managing Updates to the Set of URL Categories 9-4
Understanding the Impacts of URL Category Set Updates 9-5
Effects of URL Category Set Changes on Policy Group Membership 9-5
Effects of URL Category Set Updates on Filtering Actions in Policies 9-5
Merged Categories - Examples 9-6
Controlling Updates to the URL Category Set 9-7
Manually Updating the URL Category Set 9-7
Default Settings for New and Changed Categories 9-8
Verifying Existing Settings and/or Making Changes 9-8
Contents
7
AsyncOS 10.6 for Cisco Web Security Appliances User Guide
Receiving Alerts About Category and Policy Changes 9-8
Responding to Alerts about URL Category Set Updates 9-8
Filtering Transactions Using URL Categories 9-9
Configuring URL Filters for Access Policy Groups 9-9
Exceptions to Blocking for Embedded and Referred Content 9-11
Configuring URL Filters for Decryption Policy Groups 9-12
Configuring URL Filters for Data Security Policy Groups 9-13
Creating and Editing Custom and External URL Categories 9-14
Address Formats and Feed-file Formats for Custom and External URL Categories 9-18
External Feed-file Formats 9-18
Filtering Adult Content 9-19
Enforcing Safe Searches and Site Content Ratings 9-20
Logging Adult Content Access 9-21
Redirecting Traffic in the Access Policies 9-21
Logging and Reporting 9-22
Warning Users and Allowing Them to Continue 9-22
Configuring Settings for the End-User Filtering Warning Page 9-23
Creating Time Based URL Filters 9-23
Viewing URL Filtering Activity 9-24
Understanding Unfiltered and Uncategorized Data 9-24
URL Category Logging in Access Logs 9-24
Regular Expressions 9-25
Forming Regular Expressions 9-25
Guidelines for Avoiding Validation Failures 9-26
Regular Expression Character Table 9-27
URL Category Descriptions 9-28
CHAPTER
10 Create Policies to Control Internet Requests 10-1
Overview of Policies: Control Intercepted Internet Requests 10-1
Intercepted HTTP/HTTPS Request Processing 10-2
Managing Web Requests Through Policies Task Overview 10-3
Managing Web Requests Through Policies Best Practices 10-3
Policies 10-3
Policy Types 10-4
Policy Order 10-6
Creating a Policy 10-7
Adding and Editing Secure Group Tags for a Policy 10-10
Policy Configuration 10-10
Contents
8
AsyncOS 10.6 for Cisco Web Security Appliances User Guide
Access Policies: Blocking Objects 10-14
Archive Inspection Settings 10-16
Block, Allow, or Redirect Transaction Requests 10-16
Client Applications 10-19
About Client Applications 10-19
Using Client Applications in Policies 10-19
Exempting Client Applications from Authentication 10-20
Time Ranges and Quotas 10-20
Time Ranges for Policies and Acceptable Use Controls 10-20
Creating a Time Range 10-20
Time and Volume Quotas 10-21
Volume Quota Calculations 10-22
Time Quota Calculations 10-23
Defining Time and Volume Quotas 10-23
Access Control by URL Category 10-24
Using URL Categories to Identify Web Requests 10-24
Using URL Categories to Action Web Request 10-24
Remote Users 10-25
About Remote Users 10-25
How to Configure Identification of Remote Users 10-26
Configuring Identification of Remote Users 10-26
Display Remote User Status and Statistics for ASAs 10-27
Troubleshooting Policies 10-27
CHAPTER
11 Create Decryption Policies to Control HTTPS Traffic 11-1
Overview of Create Decryption Policies to Control HTTPS Traffic 11-1
Managing HTTPS Traffic through Decryption Policies Task Overview 11-2
Managing HTTPS Traffic through Decryption Policies Best Practices 11-2
Decryption Policies 11-2
Enabling the HTTPS Proxy 11-4
Controlling HTTPS Traffic 11-6
Configuring Decryption Options 11-8
Authentication and HTTPS Connections 11-8
Root Certificates 11-8
Managing Certificate Validation and Decryption for HTTPS 11-9
Valid Certificates 11-9
Invalid Certificate Handling 11-10
Uploading a Root Certificate and Key 11-10
Contents
9
AsyncOS 10.6 for Cisco Web Security Appliances User Guide
Generating a Certificate and Key for the HTTPS Proxy 11-11
Configuring Invalid Certificate Handling 11-11
Options for Certificate Revocation Status Checking 11-12
Enabling Real-Time Revocation Status Checking 11-13
Trusted Root Certificates 11-13
Adding Certificates to the Trusted List 11-14
Removing Certificates from the Trusted List 11-14
Routing HTTPS Traffic 11-14
Troubleshooting Decryption/HTTPS/Certificates 11-15
CHAPTER
12 Scan Outbound Traffic for Existing Infections 12-1
Overview of Scanning Outbound Traffic 12-1
User Experience When Requests Are Blocked by the DVS Engine 12-1
Understanding Upload Requests 12-2
Criteria for Group Membership 12-2
Matching Client Requests to Outbound Malware Scanning Policy Groups 12-2
Creating Outbound Malware Scanning Policies 12-3
Controlling Upload Requests 12-4
Logging of DVS Scanning 12-6
CHAPTER
13 Configuring Security Services 13-1
Overview of Configuring Security Services 13-1
Overview of Web Reputation Filters 13-2
Web Reputation Scores 13-2
Understanding How Web Reputation Filtering Works 13-2
Web Reputation in Access Policies 13-3
Web Reputation in Decryption Policies 13-4
Web Reputation in Cisco Data Security Policies 13-4
Overview of Anti-Malware Scanning 13-4
Understanding How the DVS Engine Works 13-4
Working with Multiple Malware Verdicts 13-5
Webroot Scanning 13-5
McAfee Scanning 13-6
Matching Virus Signature Patterns 13-6
Heuristic Analysis 13-6
McAfee Categories 13-6
Sophos Scanning 13-6
Understanding Adaptive Scanning 13-7
Contents
10
AsyncOS 10.6 for Cisco Web Security Appliances User Guide
Adaptive Scanning and Access Policies 13-7
Enabling Anti-Malware and Reputation Filters 13-7
Configuring Anti-Malware and Reputation in Policies 13-9
Anti-Malware and Reputation Settings in Access Policies 13-9
Configuring Anti-Malware and Reputation Settings with Adaptive Scanning Enabled 13-9
Configuring Anti-Malware and Reputation Settings with Adaptive Scanning Disabled 13-11
Configuring Web Reputation Scores 13-12
Configuring Web Reputation Score Thresholds for Access Policies 13-12
Configuring Web Reputation Filter Settings for Decryption Policy Groups 13-12
Configuring Web Reputation Filter Settings for Data Security Policy Groups 13-13
Maintaining the Database Tables 13-13
The Web Reputation Database 13-13
Logging of Web Reputation Filtering Activity and DVS Scanning 13-13
Logging Adaptive Scanning 13-13
Caching 13-14
Malware Category Descriptions 13-15
CHAPTER
14 File Reputation Filtering and File Analysis 14-1
Overview of File Reputation Filtering and File Analysis 14-1
File Threat Verdict Updates 14-1
File Processing Overview 14-2
Supported Files for File Reputation and Analysis Services 14-3
Archive or Compressed File Processing 14-4
Privacy of Information Sent to the Cloud 14-4
FIPS Compliance 14-5
Configuring File Reputation and Analysis Features 14-5
Requirements for Communication with File Reputation and Analysis Services 14-5
Routing Traffic to File Reputation and File Analysis Servers Through a Data Interface 14-6
Configuring an On-premises File Reputation Server 14-6
Configuring an On-premises File Analysis Server 14-7
Enabling and Configuring the File Reputation and Analysis Services 14-8
(Public Cloud File Analysis Services Only) Configuring Appliance Groups 14-11
Which Appliances Are In the Analysis Group? 14-12
Configuring File Reputation and Analysis Service Action Per Access Policy 14-12
Ensuring That You Receive Alerts About Advanced Malware Protection Issues 14-12
Configuring Centralized Reporting for Advanced Malware Protection Features 14-13
File Reputation and File Analysis Reporting and Tracking 14-13
Identifying Files by SHA-256 Hash 14-14
File Reputation and File Analysis Report Pages 14-14
Contents
11
AsyncOS 10.6 for Cisco Web Security Appliances User Guide
Viewing File Reputation Filtering Data in Other Reports 14-15
About Web Tracking and Advanced Malware Protection Features 14-15
Taking Action When File Threat Verdicts Change 14-16
Troubleshooting File Reputation and Analysis 14-17
Log Files 14-17
Several Alerts About Failure to Connect to File Reputation or File Analysis Servers 14-17
API Key Error (On-Premises File Analysis) 14-18
Files are Not Uploaded As Expected 14-18
File Analysis Details in the Cloud Are Incomplete 14-18
Alerts about File Types That Can Be Sent for Analysis 14-18
CHAPTER
15 Managing Access to Web Applications 15-1
Overview of Managing Access to Web Applications 15-1
Enabling the AVC Engine 15-2
AVC Engine Updates and Default Actions 15-2
User Experience When Requests Are Blocked by the AVC Engine 15-3
Policy Application Control Settings 15-3
Range Request Settings 15-3
Rules and Guidelines for Configuring Application Control 15-4
Configuring Application Control Settings in an Access Policy Group 15-5
Controlling Bandwidth 15-5
Configuring Overall Bandwidth Limits 15-6
Configuring User Bandwidth Limits 15-6
Configuring the Default Bandwidth Limit for an Application Type 15-7
Overriding the Default Bandwidth Limit for an Application Type 15-7
Configuring Bandwidth Controls for an Application 15-7
Controlling Instant Messaging Traffic 15-8
Viewing AVC Activity 15-8
AVC Information in Access Log File 15-9
CHAPTER
16 Prevent Loss of Sensitive Data 16-1
Overview of Prevent Loss of Sensitive Data 16-1
Bypassing Upload Requests Below a Minimum Size 16-2
User Experience When Requests Are Blocked As Sensitive Data 16-2
Managing Upload Requests 16-2
Managing Upload Requests on an External DLP System 16-3
Evaluating Data Security and External DLP Policy Group Membership 16-4
Matching Client Requests to Data Security and External DLP Policy Groups 16-4
Contents
12
AsyncOS 10.6 for Cisco Web Security Appliances User Guide
Creating Data Security and External DLP Policies 16-5
Managing Settings for Upload Requests 16-7
URL Categories 16-8
Web Reputation 16-8
Content Blocking 16-8
Defining External DLP Systems 16-9
Configuring External DLP Servers 16-9
Controlling Upload Requests Using External DLP Policies 16-11
Logging of Data Loss Prevention Scanning 16-12
CHAPTER
17 Notify End-Users of Proxy Actions 17-1
End-User Notifications Overview 17-1
Configuring General Settings for Notification Pages 17-2
End-User Acknowledgment Page 17-2
Access HTTPS and FTP Sites with the End-User Acknowledgment Page 17-3
About the End-user Acknowledgment Page 17-3
Configuring the End-User Acknowledgment Page 17-3
End-User Notification Pages 17-5
Configuring On-Box End-User Notification Pages 17-6
Off-Box End-User Notification Pages 17-7
Displaying the Correct Off-Box Page Based on the Reason for Blocking Access 17-7
URL Criteria for Off-Box Notification Pages 17-7
Off-Box End-User Notification Page Parameters 17-7
Redirecting End-User Notification Pages to a Custom URL (Off-Box) 17-8
Configuring the End-User URL Filtering Warning Page 17-9
Configuring FTP Notification Messages 17-9
Custom Messages on Notification Pages 17-10
Supported HTML Tags in Custom Messages on Notification Pages 17-10
Caveats for URLs and Logos in Notification Pages 17-11
Editing Notification Page HTML Files Directly 17-12
Requirements for Editing Notification HTML Files Directly 17-12
Editing Notification HTML Files Directly 17-12
Using Variables in Notification HTML Files 17-13
Variables for Customizing Notification HTML Files 17-13
Notification Page Types 17-15
CHAPTER
18 Generate Reports to Monitor End-user Activity 18-1
Overview of Reporting 18-1
Contents
13
AsyncOS 10.6 for Cisco Web Security Appliances User Guide
Working with Usernames in Reports 18-1
Report Pages 18-2
Using the Reporting Pages 18-2
Changing the Time Range 18-3
Searching Data 18-3
Choosing Which Data to Chart 18-4
Custom Reports 18-4
Modules That Cannot Be Added to Custom Reports 18-4
Creating Your Custom Report Page 18-5
Subdomains vs. Second-level Domains in Reporting and Tracking 18-5
Printing and Exporting Reports from Report Pages 18-5
Exporting Report Data 18-6
Enabling Centralized Reporting 18-6
Scheduling Reports 18-7
Adding a Scheduled Report 18-8
Editing Scheduled Reports 18-8
Deleting Scheduled Reports 18-8
Generating Reports On Demand 18-9
Archived Reports 18-9
CHAPTER
19 Web Security Appliance Reports 19-1
Overview Page 19-2
Users Page 19-3
User Details Page 19-3
Web Sites Page 19-4
URL Categories Page 19-4
URL Category Set Updates and Reports 19-5
Application Visibility Page 19-5
Anti-Malware Page 19-6
Malware Category Report Page 19-6
Malware Threat Report Page 19-6
Advanced Malware Protection Page 19-6
File Analysis Page 19-6
AMP Verdict Updates Page 19-6
Client Malware Risk Page 19-7
Client Detail Page for Web Proxy - Clients by Malware Risk 19-7
Web Reputation Filters Page 19-7
L4 Traffic Monitor Page 19-8
Contents
14
AsyncOS 10.6 for Cisco Web Security Appliances User Guide
SOCKS Proxy Page 19-8
Reports by User Location Page 19-9
Web Tracking Page 19-9
Searching for Transactions Processed by the Web Proxy 19-10
Searching for Transactions Processed by the L4 Traffic Monitor 19-12
Searching for Transactions Processed by the SOCKS Proxy 19-12
System Capacity Page 19-13
System Status Page 19-14
CHAPTER
20 Detecting Rogue Traffic on Non-Standard Ports 20-1
Overview of Detecting Rogue Traffic 20-1
Configuring the L4 Traffic Monitor 20-1
List of Known Sites 20-2
Configuring L4 Traffic Monitor Global Settings 20-2
Updating L4 Traffic Monitor Anti-Malware Rules 20-3
Creating a Policy to Detect Rogue Traffic 20-3
Valid Formats 20-4
Viewing L4 Traffic Monitor Activity 20-4
Monitoring Activity and Viewing Summary Statistics 20-4
L4 Traffic Monitor Log File Entries 20-5
CHAPTER
21 Monitor System Activity Through Logs 21-1
Overview of Logging 21-1
Common Tasks for Logging 21-2
Best Practices for Logging 21-2
Troubleshooting Web Proxy Issues Using Logs 21-2
Log File Types 21-3
Adding and Editing Log Subscriptions 21-7
Pushing Log Files to Another Server 21-11
Archiving Log Files 21-11
Log File Names and Appliance Directory Structure 21-12
Reading and Interpreting Log Files 21-12
Viewing Log Files 21-13
Web Proxy Information in Access Log Files 21-13
Transaction Result Codes 21-16
ACL Decision Tags 21-16
Interpreting Access Log Scanning Verdict Entries 21-21
Contents
15
AsyncOS 10.6 for Cisco Web Security Appliances User Guide
W3C Compliant Access Log Files 21-25
W3C Field Types 21-25
Interpreting W3C Access Logs 21-25
W3C Log File Headers 21-26
W3C Field Prefixes 21-26
Customizing Access Logs 21-27
Access Log User Defined Fields 21-27
Customizing Regular Access Logs 21-28
Customizing W3C Access Logs 21-28
Configuring CTA-specific Custom W3C Logs 21-29
Traffic Monitor Log Files 21-30
Interpreting Traffic Monitor Logs 21-30
Log File Fields and Tags 21-31
Access Log Format Specifiers and W3C Log File Fields 21-31
Malware Scanning Verdict Values 21-41
Troubleshooting Logging 21-42
CHAPTER
22 Perform System Administration Tasks 22-1
Overview of System Administration 22-1
Saving, Loading, and Resetting the Appliance Configuration 22-2
Viewing and Printing the Appliance Configuration 22-2
Saving the Appliance Configuration File 22-2
Loading the Appliance Configuration File 22-3
Resetting the Appliance Configuration to Factory Defaults 22-3
Working with Feature Keys 22-4
Displaying and Updating Feature Keys 22-4
Changing Feature Key Update Settings 22-4
Virtual Appliance License 22-5
Installing a Virtual Appliance License 22-5
Enabling Remote Power Cycling 22-5
Administering User Accounts 22-6
Managing Local User Accounts 22-7
Adding Local User Accounts 22-7
Deleting User Accounts 22-8
Editing User Accounts 22-8
Changing Passphrases 22-8
Defining User Preferences 22-9
Two-Factor Authentication 22-9
Contents
16
AsyncOS 10.6 for Cisco Web Security Appliances User Guide
Enabling Two-Factor Authentication 22-10
Disabling Two-Factor Authentication 22-10
Configuring Administrative Login Authentication and Authorization 22-10
RADIUS User Authentication 22-11
Sequence of Events For Radius Authentication 22-11
Enabling External Authentication Using RADIUS 22-11
Enabling Certificate-based Authentication 22-14
Reverting to password-based Authentication 22-16
Setting Passphrase Requirements for Administrative Users 22-16
Additional Security Settings for Accessing the Appliance 22-17
User Network Access 22-18
Resetting the Administrator Passphrase 22-18
Configuring the Return Address for Generated Messages 22-19
Managing Alerts 22-20
Alert Classifications and Severities 22-20
Managing Alert Recipients 22-20
Adding and Editing Alert Recipients 22-20
Deleting Alert Recipients 22-21
Configuring Alert Settings 22-21
Alert Listing 22-22
Feature Key Alerts 22-22
Hardware Alerts 22-23
Logging Alerts 22-23
Reporting Alerts 22-24
System Alerts 22-26
Updater Alerts 22-27
Anti-Malware Alerts 22-27
FIPS Compliance 22-27
FIPS Certificate Requirements 22-28
FIPS Certificate Validation 22-28
Enabling or Disabling FIPS Mode 22-29
System Date and Time Management 22-29
Setting the Time Zone 22-29
Synchronizing the System Clock with an NTP Server 22-30
SSL Configuration 22-30
Certificate Management 22-32
Strict Certificate Validation 22-32
About Certificates and Keys 22-33
Creating or Uploading Client Certificates 22-33
Contents
17
AsyncOS 10.6 for Cisco Web Security Appliances User Guide
Creating a Self-Signed Certificate 22-33
Uploading a Client Certificate 22-34
Managing Certificate-based Authentication/RADSEC Root Certificates 22-34
Managing Trusted Root Certificates 22-35
Certificate Updates 22-35
Viewing Blocked Certificates 22-35
Uploading or Generating a Certificate and Key 22-35
Uploading a Certificate and Key 22-36
Generating a Certificate and Key 22-36
Certificate Signing Requests 22-37
Intermediate Certificates 22-37
Web Upgrades and Updates 22-38
Best Practices For Upgrading for Web 22-38
Upgrading and Updating and Security Service Components 22-38
Upgrading AsyncOS for Web 22-38
Downloading and Installing an Upgrade 22-39
Viewing Status of, Canceling, or Deleting a Background Download 22-40
Automatic and Manual Update and Upgrade Queries 22-41
Manually Updating Security Service Components 22-41
Local And Remote Update Servers 22-42
Updating and Upgrading from the Cisco Update Servers 22-42
Upgrading from a Local Server 22-42
Differences Between Local and Remote Upgrading Methods 22-44
Configuring Upgrade and Service Update Settings 22-44
Reverting to a Previous Version of AsyncOS for Web 22-45
Reverting AsyncOS on Virtual Appliances Impacts the License 22-45
Configuration File Use in the Revert Process 22-45
Reverting AsyncOS for an Appliance Managed by the SMA 22-46
Reverting AsyncOS for Web to a Previous Version 22-46
Monitoring System Health and Status Using SNMP 22-47
MIB Files 22-47
Enabling and Configuring SNMP Monitoring 22-48
Hardware Objects 22-48
SNMP Traps 22-48
About the connectivityFailure SNMP Trap 22-48
CLI Example: snmpconfig 22-49
APPENDIX
ATroubleshooting A-1
General Troubleshooting Best Practices A-2
Contents
18
AsyncOS 10.6 for Cisco Web Security Appliances User Guide
FIPS Mode Problems A-2
CSP Encryption A-2
Certificate Validation A-2
Authentication Problems A-2
Troubleshooting Tools for Authentication Issues A-3
Failed Authentication Impacts Normal Operations A-3
LDAP Problems A-3
LDAP User Fails Authentication due to NTLMSSP A-3
LDAP Authentication Fails due to LDAP Referral A-3
Basic Authentication Problems A-4
Basic Authentication Fails A-4
Single Sign-On Problems A-4
Users Erroneously Prompted for Credentials A-4
Browser Problems A-4
WPAD Not Working With Firefox A-4
DNS Problems A-5
Alert: Failed to Bootstrap the DNS Cache A-5
Feature Keys Expired A-5
Failover Problems A-5
Failover Misconfiguration A-5
Failover Issues on Virtual Appliances A-6
FTP Problems A-6
URL Categories Do Not Block Some FTP Sites A-6
Large FTP Transfers Disconnect A-6
Zero Byte File Appears On FTP Servers After File Upload A-7
Chrome Browser Not Detected As User Agent in FTP-over-HTTP Requests A-7
Upload/Download Speed Issues A-7
Hardware Issues A-8
Cycling Appliance Power A-8
Appliance Health and Status Indicators A-8
Alert: Battery Relearn Timed Out (RAID Event) on 380 or 680 Hardware A-8
HTTPS/Decryption/Certificate Problems A-9
Accessing HTTPS Sites Using Routing Policies with URL Category Criteria A-9
HTTPS Request Failures A-9
HTTPS with IP-based Surrogates and Transparent Requests A-9
Different Client “Hello” Behavior for Custom and Default Categories A-9
Bypassing Decryption for Particular Websites A-10
Conditions and Restrictions for Exceptions to Blocking for Embedded and Referred Content A-10
Alert: Problem with Security Certificate A-11
  • Page 1 1
  • Page 2 2
  • Page 3 3
  • Page 4 4
  • Page 5 5
  • Page 6 6
  • Page 7 7
  • Page 8 8
  • Page 9 9
  • Page 10 10
  • Page 11 11
  • Page 12 12
  • Page 13 13
  • Page 14 14
  • Page 15 15
  • Page 16 16
  • Page 17 17
  • Page 18 18
  • Page 19 19
  • Page 20 20
  • Page 21 21
  • Page 22 22
  • Page 23 23
  • Page 24 24
  • Page 25 25
  • Page 26 26
  • Page 27 27
  • Page 28 28
  • Page 29 29
  • Page 30 30
  • Page 31 31
  • Page 32 32
  • Page 33 33
  • Page 34 34
  • Page 35 35
  • Page 36 36
  • Page 37 37
  • Page 38 38
  • Page 39 39
  • Page 40 40
  • Page 41 41
  • Page 42 42
  • Page 43 43
  • Page 44 44
  • Page 45 45
  • Page 46 46
  • Page 47 47
  • Page 48 48
  • Page 49 49
  • Page 50 50
  • Page 51 51
  • Page 52 52
  • Page 53 53
  • Page 54 54
  • Page 55 55
  • Page 56 56
  • Page 57 57
  • Page 58 58
  • Page 59 59
  • Page 60 60
  • Page 61 61
  • Page 62 62
  • Page 63 63
  • Page 64 64
  • Page 65 65
  • Page 66 66
  • Page 67 67
  • Page 68 68
  • Page 69 69
  • Page 70 70
  • Page 71 71
  • Page 72 72
  • Page 73 73
  • Page 74 74
  • Page 75 75
  • Page 76 76
  • Page 77 77
  • Page 78 78
  • Page 79 79
  • Page 80 80
  • Page 81 81
  • Page 82 82
  • Page 83 83
  • Page 84 84
  • Page 85 85
  • Page 86 86
  • Page 87 87
  • Page 88 88
  • Page 89 89
  • Page 90 90
  • Page 91 91
  • Page 92 92
  • Page 93 93
  • Page 94 94
  • Page 95 95
  • Page 96 96
  • Page 97 97
  • Page 98 98
  • Page 99 99
  • Page 100 100
  • Page 101 101
  • Page 102 102
  • Page 103 103
  • Page 104 104
  • Page 105 105
  • Page 106 106
  • Page 107 107
  • Page 108 108
  • Page 109 109
  • Page 110 110
  • Page 111 111
  • Page 112 112
  • Page 113 113
  • Page 114 114
  • Page 115 115
  • Page 116 116
  • Page 117 117
  • Page 118 118
  • Page 119 119
  • Page 120 120
  • Page 121 121
  • Page 122 122
  • Page 123 123
  • Page 124 124
  • Page 125 125
  • Page 126 126
  • Page 127 127
  • Page 128 128
  • Page 129 129
  • Page 130 130
  • Page 131 131
  • Page 132 132
  • Page 133 133
  • Page 134 134
  • Page 135 135
  • Page 136 136
  • Page 137 137
  • Page 138 138
  • Page 139 139
  • Page 140 140
  • Page 141 141
  • Page 142 142
  • Page 143 143
  • Page 144 144
  • Page 145 145
  • Page 146 146
  • Page 147 147
  • Page 148 148
  • Page 149 149
  • Page 150 150
  • Page 151 151
  • Page 152 152
  • Page 153 153
  • Page 154 154
  • Page 155 155
  • Page 156 156
  • Page 157 157
  • Page 158 158
  • Page 159 159
  • Page 160 160
  • Page 161 161
  • Page 162 162
  • Page 163 163
  • Page 164 164
  • Page 165 165
  • Page 166 166
  • Page 167 167
  • Page 168 168
  • Page 169 169
  • Page 170 170
  • Page 171 171
  • Page 172 172
  • Page 173 173
  • Page 174 174
  • Page 175 175
  • Page 176 176
  • Page 177 177
  • Page 178 178
  • Page 179 179
  • Page 180 180
  • Page 181 181
  • Page 182 182
  • Page 183 183
  • Page 184 184
  • Page 185 185
  • Page 186 186
  • Page 187 187
  • Page 188 188
  • Page 189 189
  • Page 190 190
  • Page 191 191
  • Page 192 192
  • Page 193 193
  • Page 194 194
  • Page 195 195
  • Page 196 196
  • Page 197 197
  • Page 198 198
  • Page 199 199
  • Page 200 200
  • Page 201 201
  • Page 202 202
  • Page 203 203
  • Page 204 204
  • Page 205 205
  • Page 206 206
  • Page 207 207
  • Page 208 208
  • Page 209 209
  • Page 210 210
  • Page 211 211
  • Page 212 212
  • Page 213 213
  • Page 214 214
  • Page 215 215
  • Page 216 216
  • Page 217 217
  • Page 218 218
  • Page 219 219
  • Page 220 220
  • Page 221 221
  • Page 222 222
  • Page 223 223
  • Page 224 224
  • Page 225 225
  • Page 226 226
  • Page 227 227
  • Page 228 228
  • Page 229 229
  • Page 230 230
  • Page 231 231
  • Page 232 232
  • Page 233 233
  • Page 234 234
  • Page 235 235
  • Page 236 236
  • Page 237 237
  • Page 238 238
  • Page 239 239
  • Page 240 240
  • Page 241 241
  • Page 242 242
  • Page 243 243
  • Page 244 244
  • Page 245 245
  • Page 246 246
  • Page 247 247
  • Page 248 248
  • Page 249 249
  • Page 250 250
  • Page 251 251
  • Page 252 252
  • Page 253 253
  • Page 254 254
  • Page 255 255
  • Page 256 256
  • Page 257 257
  • Page 258 258
  • Page 259 259
  • Page 260 260
  • Page 261 261
  • Page 262 262
  • Page 263 263
  • Page 264 264
  • Page 265 265
  • Page 266 266
  • Page 267 267
  • Page 268 268
  • Page 269 269
  • Page 270 270
  • Page 271 271
  • Page 272 272
  • Page 273 273
  • Page 274 274
  • Page 275 275
  • Page 276 276
  • Page 277 277
  • Page 278 278
  • Page 279 279
  • Page 280 280
  • Page 281 281
  • Page 282 282
  • Page 283 283
  • Page 284 284
  • Page 285 285
  • Page 286 286
  • Page 287 287
  • Page 288 288
  • Page 289 289
  • Page 290 290
  • Page 291 291
  • Page 292 292
  • Page 293 293
  • Page 294 294
  • Page 295 295
  • Page 296 296
  • Page 297 297
  • Page 298 298
  • Page 299 299
  • Page 300 300
  • Page 301 301
  • Page 302 302
  • Page 303 303
  • Page 304 304
  • Page 305 305
  • Page 306 306
  • Page 307 307
  • Page 308 308
  • Page 309 309
  • Page 310 310
  • Page 311 311
  • Page 312 312
  • Page 313 313
  • Page 314 314
  • Page 315 315
  • Page 316 316
  • Page 317 317
  • Page 318 318
  • Page 319 319
  • Page 320 320
  • Page 321 321
  • Page 322 322
  • Page 323 323
  • Page 324 324
  • Page 325 325
  • Page 326 326
  • Page 327 327
  • Page 328 328
  • Page 329 329
  • Page 330 330
  • Page 331 331
  • Page 332 332
  • Page 333 333
  • Page 334 334
  • Page 335 335
  • Page 336 336
  • Page 337 337
  • Page 338 338
  • Page 339 339
  • Page 340 340
  • Page 341 341
  • Page 342 342
  • Page 343 343
  • Page 344 344
  • Page 345 345
  • Page 346 346
  • Page 347 347
  • Page 348 348
  • Page 349 349
  • Page 350 350
  • Page 351 351
  • Page 352 352
  • Page 353 353
  • Page 354 354
  • Page 355 355
  • Page 356 356
  • Page 357 357
  • Page 358 358
  • Page 359 359
  • Page 360 360
  • Page 361 361
  • Page 362 362
  • Page 363 363
  • Page 364 364
  • Page 365 365
  • Page 366 366
  • Page 367 367
  • Page 368 368
  • Page 369 369
  • Page 370 370
  • Page 371 371
  • Page 372 372
  • Page 373 373
  • Page 374 374
  • Page 375 375
  • Page 376 376
  • Page 377 377
  • Page 378 378
  • Page 379 379
  • Page 380 380
  • Page 381 381
  • Page 382 382
  • Page 383 383
  • Page 384 384
  • Page 385 385
  • Page 386 386
  • Page 387 387
  • Page 388 388
  • Page 389 389
  • Page 390 390
  • Page 391 391
  • Page 392 392
  • Page 393 393
  • Page 394 394
  • Page 395 395
  • Page 396 396
  • Page 397 397
  • Page 398 398
  • Page 399 399
  • Page 400 400
  • Page 401 401
  • Page 402 402
  • Page 403 403
  • Page 404 404
  • Page 405 405
  • Page 406 406
  • Page 407 407
  • Page 408 408
  • Page 409 409
  • Page 410 410
  • Page 411 411
  • Page 412 412
  • Page 413 413
  • Page 414 414
  • Page 415 415
  • Page 416 416
  • Page 417 417
  • Page 418 418
  • Page 419 419
  • Page 420 420
  • Page 421 421
  • Page 422 422
  • Page 423 423
  • Page 424 424
  • Page 425 425
  • Page 426 426
  • Page 427 427
  • Page 428 428
  • Page 429 429
  • Page 430 430
  • Page 431 431
  • Page 432 432
  • Page 433 433
  • Page 434 434
  • Page 435 435
  • Page 436 436
  • Page 437 437
  • Page 438 438
  • Page 439 439
  • Page 440 440
  • Page 441 441
  • Page 442 442
  • Page 443 443
  • Page 444 444
  • Page 445 445
  • Page 446 446
  • Page 447 447
  • Page 448 448
  • Page 449 449
  • Page 450 450
  • Page 451 451
  • Page 452 452
  • Page 453 453
  • Page 454 454
  • Page 455 455
  • Page 456 456
  • Page 457 457
  • Page 458 458
  • Page 459 459
  • Page 460 460
  • Page 461 461
  • Page 462 462
  • Page 463 463
  • Page 464 464
  • Page 465 465
  • Page 466 466
  • Page 467 467
  • Page 468 468
  • Page 469 469
  • Page 470 470
  • Page 471 471
  • Page 472 472
  • Page 473 473
  • Page 474 474
  • Page 475 475
  • Page 476 476
  • Page 477 477
  • Page 478 478
  • Page 479 479
  • Page 480 480
  • Page 481 481
  • Page 482 482
  • Page 483 483
  • Page 484 484
  • Page 485 485
  • Page 486 486
  • Page 487 487
  • Page 488 488
  • Page 489 489
  • Page 490 490
  • Page 491 491
  • Page 492 492
  • Page 493 493
  • Page 494 494
  • Page 495 495
  • Page 496 496
  • Page 497 497
  • Page 498 498
  • Page 499 499
  • Page 500 500
  • Page 501 501
  • Page 502 502
  • Page 503 503
  • Page 504 504
  • Page 505 505
  • Page 506 506
  • Page 507 507
  • Page 508 508
  • Page 509 509
  • Page 510 510
  • Page 511 511
  • Page 512 512
  • Page 513 513
  • Page 514 514
  • Page 515 515
  • Page 516 516
  • Page 517 517
  • Page 518 518
  • Page 519 519
  • Page 520 520

Ask a question and I''ll find the answer in the document

Finding information in a document is now easier with AI