User Guide for AsyncOS 12.5 for Cisco Web Security Appliances - GD
(General Deployment)
First Published: 2020-01-15
Last Modified: 2020-12-10
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS,
INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH
THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY,
CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain version of
the UNIX operating system. All rights reserved. Copyright ©1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS" WITH ALL FAULTS.
CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT
LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS
HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network
topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional
and coincidental.
All printed copies and duplicate soft copies of this document are considered uncontrolled. See the current online version for the latest version.
Cisco has more than 200 offices worldwide. Addresses and phone numbers are listed on the Cisco website at www.cisco.com/go/offices.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL:
https://www.cisco.com/c/en/us/about/legal/trademarks.html. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a
partnership relationship between Cisco and any other company. (1721R)
©2020 Cisco Systems, Inc. All rights reserved.
CONTENTS
Introduction to the Product and the Release 1
CHAPTER 1
Introduction to the Web Security Appliance 1
What’s New in AsyncOS 12.5 1
Related Topics 3
Using the Appliance Web Interface 3
Web Interface Browser Requirements 3
Enabling Access to the Web Interface on Virtual Appliances 4
Accessing the Appliance Web Interface 5
Committing Changes in the Web Interface 6
Clearing Changes in the Web Interface 6
Supported Languages 6
The Cisco SensorBase Network 7
SensorBase Benefits and Privacy 7
Enabling Participation in The Cisco SensorBase Network 7
Connect, Install, and Configure 9
CHAPTER 2
Overview of Connect, Install, and Configure 9
Comparison of Modes of Operation 10
Task Overview for Connecting, Installing, and Configuring 13
Connecting the Appliance 13
Gathering Setup Information 15
System Setup Wizard 17
System Setup Wizard Reference Information 18
Network / System Settings 18
Network / Network Context 19
Network / Cloud Connector Settings 20
User Guide for AsyncOS 12.5 for Cisco Web Security Appliances - GD (General Deployment)
iii
Network / Network Interfaces and Wiring 20
Network / Layer 4 Traffic Monitor Wiring 21
Network / Routes for Management and Data Traffic 21
Network / Transparent Connection Settings 21
Network /Administrative Settings 22
Security / Security Settings 23
Upstream Proxies 23
Upstream Proxies Task Overview 24
Creating Proxy Groups for Upstream Proxies 24
Network Interfaces 25
IP Address Versions 25
Enabling or Changing Network Interfaces 26
Configuring Failover Groups for High Availability 27
Add Failover Group 28
Edit High Availability Global Settings 29
View Status of Failover Groups 29
Using the P2 Data Interface for Web Proxy Data 29
Configuring TCP/IP Traffic Routes 30
Outbound Services Traffic 31
Modifying the Default Route 32
Adding a Route 32
Saving and Loading Routing Tables 32
Deleting a Route 32
Configuring Transparent Redirection 33
Specifying a Transparent Redirection Device 33
Using An L4 Switch 33
Configuring WCCP Services 34
Increasing Interface Capacity Using VLANs 38
Configuring and Managing VLANs 38
Redirect Hostname and System Hostname 41
Changing the Redirect Hostname 41
Changing the System Hostname 41
Configuring SMTP Relay Host Settings 41
Configuring an SMTP Relay Host 42
User Guide for AsyncOS 12.5 for Cisco Web Security Appliances - GD (General Deployment)
iv
Contents
DNS Settings 42
Split DNS 43
Clearing the DNS Cache 43
Editing DNS Settings 43
Troubleshooting Connect, Install, and Configure 44
Connect the Appliance to a Cisco Cloud Web Security Proxy 45
CHAPTER 3
How to Configure and Use Features in Cloud Connector Mode 45
Deployment in Cloud Connector Mode 45
Configuring the Cloud Connector 46
Controlling Web Access Using Directory Groups in the Cloud 49
Bypassing the Cloud Proxy Server 49
Partial Support for FTP and HTTPS in Cloud Connector Mode 49
Preventing Loss of Secure Data 50
Viewing Group and User Names and IP Addresses 50
Subscribing to Cloud Connector Logs 50
Identification Profiles and Authentication with Cloud Web Security Connector 51
Identifying Machines for Policy Application 51
Guest Access for Unauthenticated Users 52
Intercepting Web Requests 53
CHAPTER 4
Overview of Intercepting Web Requests 53
Tasks for Intercepting Web Requests 53
Best Practices for Intercepting Web Requests 54
Web Proxy Options for Intercepting Web Requests 55
Configuring Web Proxy Settings 55
Web Proxy Cache 57
Clearing the Web Proxy Cache 58
Removing URLs from the Web Proxy Cache 58
Specifying Domains or URLs that the Web Proxy never Caches 58
Choosing The Web Proxy Cache Mode 59
Web Proxy IP Spoofing 60
Creating IP Spoofing Profiles 61
Web Proxy Custom Headers 62
User Guide for AsyncOS 12.5 for Cisco Web Security Appliances - GD (General Deployment)
v
Contents
Adding Custom Headers To Web Requests 62
Web Proxy Bypassing 63
Web Proxy Bypassing for Web Requests 63
Configuring Web Proxy Bypassing for Web Requests 63
Configuring Web Proxy Bypassing for Applications 64
Web Proxy Usage Agreement 64
Domain Map 64
Domain Map for Specific Applications 64
Client Options for Redirecting Web Requests 66
Using PAC Files with Client Applications 66
Options For Publishing Proxy Auto-Config (PAC) Files 66
Client Options For Finding Proxy Auto-Config (PAC) Files 67
Automatic PAC File Detection 67
Hosting PAC Files on the Web Security Appliance 67
Specifying PAC Files in Client Applications 68
Configuring a PAC File Location Manually in Clients 68
Detecting the PAC File Automatically in Clients 69
FTP Proxy Services 69
Overview of FTP Proxy Services 69
Enabling and Configuring the FTP Proxy 69
SOCKS Proxy Services 71
Overview of SOCKS Proxy Services 71
Enabling Processing of SOCKS Traffic 72
Configuring the SOCKS Proxy 72
Creating SOCKS Policies 72
Troubleshooting Intercepting Requests 73
Acquire End-User Credentials 75
CHAPTER 5
Overview of Acquire End-User Credentials 75
Authentication Task Overview 75
Authentication Best Practices 76
Authentication Planning 76
Active Directory/Kerberos 77
Active Directory/Basic 78
User Guide for AsyncOS 12.5 for Cisco Web Security Appliances - GD (General Deployment)
vi
Contents
Active Directory/NTLMSSP 79
LDAP/Basic 79
Identifying Users Transparently 80
Understanding Transparent User Identification 80
Rules and Guidelines for Transparent User Identification 82
Configuring Transparent User Identification 83
Using the CLI to Configure Advanced Transparent User Identification Settings 83
Configuring Single-Sign-on 84
Creating a Service Account in Windows Active Directory for Kerberos Authentication in High
Availability Deployments 84
Authentication Realms 86
External Authentication 86
Configuring External Authentication through an LDAP Server 87
Enabling RADIUS External Authentication 87
Creating an Active Directory Realm for Kerberos Authentication Scheme 87
How to Create an Active Directory Authentication Realm (NTLMSSP and Basic) 91
Prerequisites for Creating an Active Directory Authentication Realm (NTLMSSP and Basic)
91
About Using Multiple NTLM Realms and Domains 91
Creating an Active Directory Authentication Realm (NTLMSSP and Basic) 92
Creating an LDAP Authentication Realm 93
Using Multiple NTLM Realms and Domains 98
About Deleting Authentication Realms 98
Configuring Global Authentication Settings 98
Authentication Sequences 103
About Authentication Sequences 103
Creating Authentication Sequences 104
Editing And Reordering Authentication Sequences 105
Deleting Authentication Sequences 105
Failed Authentication 105
About Failed Authentication 105
Bypassing Authentication with Problematic User Agents 106
Bypassing Authentication 107
Permitting Unauthenticated Traffic While Authentication Service is Unavailable 108
User Guide for AsyncOS 12.5 for Cisco Web Security Appliances - GD (General Deployment)
vii
Contents
Granting Guest Access After Failed Authentication 108
Define an Identification Profile that Supports Guest Access 108
Use an Identification Profile that Supports Guest Access in a Policy 108
Configure How Guest User Details are Logged 109
Failed Authorization: Allowing Re-Authentication with Different Credentials 109
About Allowing Re-Authentication with Different Credentials 109
Allowing Re-Authentication with Different Credentials 110
Tracking Identified Users 110
Supported Authentication Surrogates for Explicit Requests 110
Supported Authentication Surrogates for Transparent Requests 110
Tracking Re-Authenticated Users 111
Credentials 111
Tracking Credentials for Reuse During a Session 112
Authentication and Authorization Failures 112
Credential Format 112
Credential Encryption for Basic Authentication 113
About Credential Encryption for Basic Authentication 113
Configuring Credential Encryption 113
Troubleshooting Authentication 113
Classify End-Users for Policy Application 115
CHAPTER 6
Overview of Classify Users and Client Software 115
Classify Users and Client Software: Best Practices 116
Identification Profile Criteria 116
Classifying Users and Client Software 117
Enable/Disable an Identity 122
Identification Profiles and Authentication 123
Troubleshooting Identification Profiles 124
SaaS Access Control 125
CHAPTER 7
Overview of SaaS Access Control 125
Configuring the Appliance as an Identity Provider 126
Using SaaS Access Control and Multiple Appliances 127
Creating SaaS Application Authentication Policies 128
User Guide for AsyncOS 12.5 for Cisco Web Security Appliances - GD (General Deployment)
viii
Contents
Configuring End-user Access to the Single Sign-on URL 130
Integrate the Cisco Identity Services Engine (ISE) / ISE Passive Identity Controller (ISE-PIC) 131
CHAPTER 8
Overview of the Identity Services Engine (ISE) / ISE Passive Identity Controller (ISE-PIC) Service
131
About pxGrid 133
About the ISE/ISE-PIC Server Deployment and Failover 133
ISE/ISE-PIC Certificates 134
Using Self-signed Certificates 134
Using CA-signed Certificates 134
Fallback Authentication 135
Tasks for Integrating the ISE/ISE-PIC Service 135
Generating Certificate through ISE/ISE-PIC 136
Configuring ISE/ISE-PIC server for Web Security Appliance Access 137
Connect to the ISE/ISE-PIC Services 137
Import the Self-signed Web Security Appliance Client Certificate to ISE/ISE-PIC Standalone
Deployment 139
Import the Self-signed Web Security Appliance Client Certificate to ISE/ISE-PIC Distributed
Deployment 140
Configuring logging for ISE/ISE-PIC 141
Acquiring ISE/ISE-PIC ERS Server Details from ISE/ISE-PIC 142
VDI (Virtual Desktop Infrastructure) User Authentication in ISE/ISE-PIC Integrations 142
Troubleshooting Identity Services Engine Problems 143
Classify URLs for Policy Application 145
CHAPTER 9
Overview of Categorizing URL Transactions 145
Categorization of Failed URL Transactions 146
Enabling the Dynamic Content Analysis Engine 146
Uncategorized URLs 146
Matching URLs to URL Categories 147
Reporting Uncategorized and Misclassified URLs 147
URL Categories Database 147
Configuring the URL Filtering Engine 148
Managing Updates to the Set of URL Categories 148
User Guide for AsyncOS 12.5 for Cisco Web Security Appliances - GD (General Deployment)
ix
Contents
Understanding the Impacts of URL Category Set Updates 149
Effects of URL Category Set Changes on Policy Group Membership 149
Effects of URL Category Set Updates on Filtering Actions in Policies 149
Merged Categories - Examples 152
Controlling Updates to the URL Category Set 152
Manually Updating the URL Category Set 153
Default Settings for New and Changed Categories 153
Verifying Existing Settings and/or Making Changes 153
Receiving Alerts About Category and Policy Changes 154
Responding to Alerts about URL Category Set Updates 154
Filtering Transactions Using URL Categories 154
Configuring URL Filters for Access Policy Groups 155
Exceptions to Blocking for Embedded and Referred Content 156
Configuring URL Filters for Decryption Policy Groups 158
Configuring URL Filters for Data Security Policy Groups 159
YouTube Categorization 160
Enabling the YouTube Categorization Feature 161
Creating and Editing Custom URL Categories 162
Address Formats and Feed-file Formats for Custom and External URL Categories 166
External Feed-file Formats 167
Filtering Adult Content 168
Enforcing Safe Searches and Site Content Ratings 169
Logging Adult Content Access 170
Redirecting Traffic in the Access Policies 170
Logging and Reporting 171
Warning Users and Allowing Them to Continue 171
Configuring Settings for the End-User Filtering Warning Page 171
Creating Time Based URL Filters 172
Viewing URL Filtering Activity 173
Understanding Unfiltered and Uncategorized Data 173
URL Category Logging in Access Logs 173
Regular Expressions 173
Forming Regular Expressions 174
Guidelines for Avoiding Validation Failures 174
User Guide for AsyncOS 12.5 for Cisco Web Security Appliances - GD (General Deployment)
x
Contents
Regular Expression Character Table 176
URL Category Descriptions 177
Create Policies to Control Internet Requests 193
CHAPTER 10
Overview of Policies: Control Intercepted Internet Requests 193
Intercepted HTTP/HTTPS Request Processing 194
Managing Web Requests Through Policies Task Overview 195
Managing Web Requests Through Policies Best Practices 195
Policies 195
Policy Types 195
Policy Order 198
Creating a Policy 199
Adding and Editing Secure Group Tags for a Policy 202
Adding Routing Destination and IP Spoofing Profile to Routing Policy 203
Policy Configuration 204
Access Policies: Blocking Objects 205
Archive Inspection Settings 208
Block, Allow, or Redirect Transaction Requests 209
Client Applications 210
About Client Applications 210
Using Client Applications in Policies 211
Defining Policy Membership Using Client Applications 211
Defining Policy Control Settings Using Client Applications 211
Exempting Client Applications from Authentication 212
Time Ranges and Quotas 212
Time Ranges for Policies and Acceptable Use Controls 212
Creating a Time Range 212
Time and Volume Quotas 213
Volume Quota Calculations 214
Time Quota Calculations 214
Defining Time and Volume Quotas 214
Access Control by URL Category 215
Using URL Categories to Identify Web Requests 215
Using URL Categories to Action Web Request 215
User Guide for AsyncOS 12.5 for Cisco Web Security Appliances - GD (General Deployment)
xi
Contents
Remote Users 216
About Remote Users 216
How to Configure Identification of Remote Users 217
Configuring Identification of Remote Users 217
Display Remote User Status and Statistics for ASAs 218
Troubleshooting Policies 219
Create Decryption Policies to Control HTTPS Traffic 221
CHAPTER 11
Overview of Create Decryption Policies to Control HTTPS Traffic 221
Managing HTTPS Traffic through Decryption Policies Task Overview 222
Managing HTTPS Traffic through Decryption Policies Best Practices 222
Decryption Policies 222
Enabling the HTTPS Proxy 224
Controlling HTTPS Traffic 225
Configuring Decryption Options 227
Authentication and HTTPS Connections 228
Root Certificates 228
Managing Certificate Validation and Decryption for HTTPS 229
Valid Certificates 229
Invalid Certificate Handling 230
Uploading a Root Certificate and Key 230
Generating a Certificate and Key for the HTTPS Proxy 231
Configuring Invalid Certificate Handling 231
Options for Certificate Revocation Status Checking 232
Enabling Real-Time Revocation Status Checking 232
Trusted Root Certificates 233
Adding Certificates to the Trusted List 233
Removing Certificates from the Trusted List 234
Routing HTTPS Traffic 234
Troubleshooting Decryption/HTTPS/Certificates 234
Scan Outbound Traffic for Existing Infections 235
CHAPTER 12
Overview of Scanning Outbound Traffic 235
User Experience When Requests Are Blocked by the DVS Engine 235
User Guide for AsyncOS 12.5 for Cisco Web Security Appliances - GD (General Deployment)
xii
Contents
Understanding Upload Requests 236
Criteria for Group Membership 236
Matching Client Requests to Outbound Malware Scanning Policy Groups 236
Creating Outbound Malware Scanning Policies 237
Controlling Upload Requests 238
Logging of DVS Scanning 239
Configuring Security Services 241
CHAPTER 13
Overview of Configuring Security Services 241
Overview of Web Reputation Filters 242
Web Reputation Scores 242
Understanding How Web Reputation Filtering Works 242
Web Reputation in Access Policies 243
Web Reputation in Decryption Policies 243
Web Reputation in Cisco Data Security Policies 244
Overview of Anti-Malware Scanning 244
Understanding How the DVS Engine Works 244
Working with Multiple Malware Verdicts 244
Webroot Scanning 245
McAfee Scanning 245
Matching Virus Signature Patterns 246
Heuristic Analysis 246
McAfee Categories 246
Sophos Scanning 246
Understanding Adaptive Scanning 246
Adaptive Scanning and Access Policies 247
Enabling Anti-Malware and Reputation Filters 247
Clearing the Advanced Malware Protection Services Cache 248
Configuring Anti-Malware and Reputation in Policies 249
Anti-Malware and Reputation Settings in Access Policies 249
Configuring Anti-Malware and Reputation Settings with Adaptive Scanning Enabled 250
Configuring Anti-Malware and Reputation Settings with Adaptive Scanning Disabled 251
Configuring Web Reputation Scores 252
Configuring Web Reputation Score Thresholds for Access Policies 252
User Guide for AsyncOS 12.5 for Cisco Web Security Appliances - GD (General Deployment)
xiii
Contents
Configuring Web Reputation Filter Settings for Decryption Policy Groups 252
Configuring Web Reputation Filter Settings for Data Security Policy Groups 253
Integrating the Appliance with AMP for Endpoints Console 253
Maintaining the Database Tables 255
The Web Reputation Database 255
Logging of Web Reputation Filtering Activity and DVS Scanning 255
Logging Adaptive Scanning 256
Caching 256
Malware Category Descriptions 256
File Reputation Filtering and File Analysis 259
CHAPTER 14
Overview of File Reputation Filtering and File Analysis 259
File Threat Verdict Updates 259
File Processing Overview 260
Supported Files for File Reputation and Analysis Services 261
Archive or Compressed File Processing 262
Privacy of Information Sent to the Cloud 263
Configuring File Reputation and Analysis Features 263
Requirements for Communication with File Reputation and Analysis Services 263
Routing Traffic to File Reputation and File Analysis Servers Through a Data Interface 264
Configuring an On-premises File Reputation Server 265
Configuring an On-Premises File Analysis Server 265
Enabling and Configuring File Reputation and Analysis Services 266
Important! Changes Needed in File Analysis Setting 270
(Public Cloud File Analysis Services Only) Configuring Appliance Groups 270
Which Appliances Are In the Analysis Group? 271
Configuring File Reputation and Analysis Service Action Per Access Policy 271
Ensuring That You Receive Alerts About Advanced Malware Protection Issues 272
Configuring Centralized Reporting for Advanced Malware Protection Features 272
File Reputation and File Analysis Reporting and Tracking 273
Identifying Files by SHA-256 Hash 273
File Reputation and File Analysis Report Pages 273
Viewing File Reputation Filtering Data in Other Reports 274
About Web Tracking and Advanced Malware Protection Features 274
User Guide for AsyncOS 12.5 for Cisco Web Security Appliances - GD (General Deployment)
xiv
Contents
Taking Action When File Threat Verdicts Change 275
Troubleshooting File Reputation and Analysis 276
Log Files 276
Several Alerts About Failure to Connect to File Reputation or File Analysis Servers 276
API Key Error (On-Premises File Analysis) 276
Files are Not Uploaded As Expected 277
File Analysis Details in the Cloud Are Incomplete 277
Alerts about File Types That Can Be Sent for Analysis 277
Managing Access to Web Applications 279
CHAPTER 15
Overview of Managing Access to Web Applications 279
Enabling the AVC Engine 280
AVC Engine Updates and Default Actions 280
User Experience When Requests Are Blocked by the AVC Engine 281
Policy Application Control Settings 281
Range Request Settings 282
Rules and Guidelines for Configuring Application Control 282
Configuring Application Control Settings in an Access Policy Group 283
Controlling Bandwidth 284
Configuring Overall Bandwidth Limits 284
Configuring User Bandwidth Limits 285
Configuring the Default Bandwidth Limit for an Application Type 285
Overriding the Default Bandwidth Limit for an Application Type 285
Configuring Bandwidth Controls for an Application 286
Controlling Instant Messaging Traffic 286
Viewing AVC Activity 287
AVC Information in Access Log File 287
Prevent Loss of Sensitive Data 289
CHAPTER 16
Overview of Prevent Loss of Sensitive Data 289
Bypassing Upload Requests Below a Minimum Size 290
User Experience When Requests Are Blocked As Sensitive Data 290
Managing Upload Requests 291
Managing Upload Requests on an External DLP System 291
User Guide for AsyncOS 12.5 for Cisco Web Security Appliances - GD (General Deployment)
xv
Contents
Evaluating Data Security and External DLP Policy Group Membership 292
Matching Client Requests to Data Security and External DLP Policy Groups 292
Creating Data Security and External DLP Policies 293
Managing Settings for Upload Requests 295
URL Categories 295
Web Reputation 296
Content Blocking 296
Defining External DLP Systems 296
Configuring External DLP Servers 297
Controlling Upload Requests Using External DLP Policies 299
Logging of Data Loss Prevention Scanning 299
Notify End-Users of Proxy Actions 301
CHAPTER 17
End-User Notifications Overview 301
Configuring General Settings for Notification Pages 302
End-User Acknowledgment Page 302
Access HTTPS and FTP Sites with the End-User Acknowledgment Page 303
About the End-user Acknowledgment Page 303
Configuring the End-User Acknowledgment Page 304
End-User Notification Pages 305
Configuring On-Box End-User Notification Pages 306
Off-Box End-User Notification Pages 307
Displaying the Correct Off-Box Page Based on the Reason for Blocking Access 307
URL Criteria for Off-Box Notification Pages 307
Off-Box End-User Notification Page Parameters 308
Redirecting End-User Notification Pages to a Custom URL (Off-Box) 309
Configuring the End-User URL Filtering Warning Page 309
Configuring FTP Notification Messages 310
Custom Messages on Notification Pages 310
Supported HTML Tags in Custom Messages on Notification Pages 310
Caveats for URLs and Logos in Notification Pages 311
Editing Notification Page HTML Files Directly 312
Requirements for Editing Notification HTML Files Directly 312
Editing Notification HTML Files Directly 312
User Guide for AsyncOS 12.5 for Cisco Web Security Appliances - GD (General Deployment)
xvi
Contents
Using Variables in Notification HTML Files 313
Variables for Customizing Notification HTML Files 314
Notification Page Types 316
Generate Reports to Monitor End-user Activity 325
CHAPTER 18
Overview of Reporting 325
Working with Usernames in Reports 325
Report Pages 326
Using the Reporting Pages 326
Changing the Time Range 327
Choosing a Time Range for Reports 327
Searching Data 328
Choosing Which Data to Chart 328
Custom Reports 329
Modules That Cannot Be Added to Custom Reports 329
Creating Your Custom Report Page 329
Subdomains vs. Second-level Domains in Reporting and Tracking 330
Printing and Exporting Reports from Report Pages 330
Exporting Report Data 330
Using the Interactive Report Pages on the New Web Interface 331
Enabling Reporting 332
Scheduling Reports 332
Adding a Scheduled Report 333
Editing Scheduled Reports 333
Deleting Scheduled Reports 334
Generating Reports On Demand 334
Archived Reports 334
Troubleshooting L4 Traffic Monitor Reports 335
Web Security Appliance Reports 337
CHAPTER 19
Overview Page 337
Users Page 339
User Details Page 339
User Count Page 340
User Guide for AsyncOS 12.5 for Cisco Web Security Appliances - GD (General Deployment)
xvii
Contents
Web Sites Page 340
URL Categories Page 340
URL Category Set Updates and Reports 341
Application Visibility Page 341
Anti-Malware Page 342
Malware Category Report Page 342
Malware Threat Report Page 342
Advanced Malware Protection Page 343
File Analysis Page 343
AMP Verdict Updates Page 343
Client Malware Risk Page 343
Client Detail Page for Web Proxy - Clients by Malware Risk 343
Web Reputation Filters Page 344
L4 Traffic Monitor Page 344
SOCKS Proxy Page 345
Reports by User Location Page 345
Web Tracking Page 346
Searching for Transactions Processed by the Web Proxy 346
Searching for Transactions Processed by the L4 Traffic Monitor 348
Searching for Transactions Processed by the SOCKS Proxy 349
System Capacity Page 349
System Status Page 349
Web Security Appliance Reports on the New Web Interface 353
CHAPTER 20
Understanding the Web Reporting Pages on the New Web Interface 353
About Time Spent 355
Overview Page 356
Application Visibility Page 357
Layer 4 Traffic Monitor Page 359
SOCKS Proxy Page 361
URL Categories Page 362
Reducing Uncategorized URLs 363
URL Category Set Updates and Reports 363
Using The URL Categories Page in Conjunction with Other Reporting Pages 363
User Guide for AsyncOS 12.5 for Cisco Web Security Appliances - GD (General Deployment)
xviii
Contents
Reporting Misclassified and Uncategorized URLs 364
HTTPS Reports Page 364
Users Page 365
User Details Page (Web Reporting) 366
Web Sites Page 368
Advanced Malware Protection Page 369
Advanced Malware Protection - AMP Summary Page 370
Advanced Malware Protection - File Analysis Page 370
Anti-Malware Page 371
Malware Category Report Page 372
Malware Threat Report 372
Malware Category Descriptions 372
Client Malware Risks Page 374
Web Reputation Filters Page 374
(Web Reports Only) Choosing Which Data to Chart 376
Web Tracking on the New Web Interface 377
Searching for Transactions Processed by Web Proxy Services 377
Malware Category Descriptions 379
Searching for Transactions Processed by the Layer 4 Traffic Monitor 381
Searching for Transactions Processed by the SOCKS Proxy 381
Working with Web Tracking Search Results 381
Displaying More Web Tracking Search Results 382
Understanding Web Tracking Search Results 382
Viewing Transaction Details for Web Tracking Search Results 382
About Web Tracking and Upgrades 383
Scheduling and Archiving Web Reports on the New Web Interface 383
Scheduling Web Reports on the New Web Interface 383
Adding Scheduled Web Reports on the New Web Interface 383
Editing Scheduled Web Reports on the New Web Interface 384
Deleting Scheduled Web Reports on the New Web Interface 384
Archiving Web Reports on the New Web Interface 384
[New Web Interface] Generating Web Reports on Demand 384
System Status Page on the New Web Interface 385
Status 386
User Guide for AsyncOS 12.5 for Cisco Web Security Appliances - GD (General Deployment)
xix
Contents
Services 387
Detecting Rogue Traffic on Non-Standard Ports 391
CHAPTER 21
Overview of Detecting Rogue Traffic 391
Configuring the L4 Traffic Monitor 391
List of Known Sites 392
Configuring L4 Traffic Monitor Global Settings 392
Updating L4 Traffic Monitor Anti-Malware Rules 393
Creating a Policy to Detect Rogue Traffic 393
Valid Formats 394
Viewing L4 Traffic Monitor Activity 394
Monitoring Activity and Viewing Summary Statistics 394
L4 Traffic Monitor Log File Entries 395
Monitor System Activity Through Logs 397
CHAPTER 22
Overview of Logging 397
Common Tasks for Logging 398
Best Practices for Logging 398
Troubleshooting Web Proxy Issues Using Logs 398
Log File Types 399
Adding and Editing Log Subscriptions 404
Deanonymizing W3C Log Fields 408
Pushing Log Files to Another Server 409
Archiving Log Files 409
Log File Names and Appliance Directory Structure 410
Reading and Interpreting Log Files 410
Viewing Log Files 411
Web Proxy Information in Access Log Files 411
Transaction Result Codes 415
ACL Decision Tags 416
Interpreting Access Log Scanning Verdict Entries 421
W3C Compliant Access Log Files 428
W3C Field Types 428
Interpreting W3C Access Logs 428
User Guide for AsyncOS 12.5 for Cisco Web Security Appliances - GD (General Deployment)
xx
Contents
  • Page 1 1
  • Page 2 2
  • Page 3 3
  • Page 4 4
  • Page 5 5
  • Page 6 6
  • Page 7 7
  • Page 8 8
  • Page 9 9
  • Page 10 10
  • Page 11 11
  • Page 12 12
  • Page 13 13
  • Page 14 14
  • Page 15 15
  • Page 16 16
  • Page 17 17
  • Page 18 18
  • Page 19 19
  • Page 20 20
  • Page 21 21
  • Page 22 22
  • Page 23 23
  • Page 24 24
  • Page 25 25
  • Page 26 26
  • Page 27 27
  • Page 28 28
  • Page 29 29
  • Page 30 30
  • Page 31 31
  • Page 32 32
  • Page 33 33
  • Page 34 34
  • Page 35 35
  • Page 36 36
  • Page 37 37
  • Page 38 38
  • Page 39 39
  • Page 40 40
  • Page 41 41
  • Page 42 42
  • Page 43 43
  • Page 44 44
  • Page 45 45
  • Page 46 46
  • Page 47 47
  • Page 48 48
  • Page 49 49
  • Page 50 50
  • Page 51 51
  • Page 52 52
  • Page 53 53
  • Page 54 54
  • Page 55 55
  • Page 56 56
  • Page 57 57
  • Page 58 58
  • Page 59 59
  • Page 60 60
  • Page 61 61
  • Page 62 62
  • Page 63 63
  • Page 64 64
  • Page 65 65
  • Page 66 66
  • Page 67 67
  • Page 68 68
  • Page 69 69
  • Page 70 70
  • Page 71 71
  • Page 72 72
  • Page 73 73
  • Page 74 74
  • Page 75 75
  • Page 76 76
  • Page 77 77
  • Page 78 78
  • Page 79 79
  • Page 80 80
  • Page 81 81
  • Page 82 82
  • Page 83 83
  • Page 84 84
  • Page 85 85
  • Page 86 86
  • Page 87 87
  • Page 88 88
  • Page 89 89
  • Page 90 90
  • Page 91 91
  • Page 92 92
  • Page 93 93
  • Page 94 94
  • Page 95 95
  • Page 96 96
  • Page 97 97
  • Page 98 98
  • Page 99 99
  • Page 100 100
  • Page 101 101
  • Page 102 102
  • Page 103 103
  • Page 104 104
  • Page 105 105
  • Page 106 106
  • Page 107 107
  • Page 108 108
  • Page 109 109
  • Page 110 110
  • Page 111 111
  • Page 112 112
  • Page 113 113
  • Page 114 114
  • Page 115 115
  • Page 116 116
  • Page 117 117
  • Page 118 118
  • Page 119 119
  • Page 120 120
  • Page 121 121
  • Page 122 122
  • Page 123 123
  • Page 124 124
  • Page 125 125
  • Page 126 126
  • Page 127 127
  • Page 128 128
  • Page 129 129
  • Page 130 130
  • Page 131 131
  • Page 132 132
  • Page 133 133
  • Page 134 134
  • Page 135 135
  • Page 136 136
  • Page 137 137
  • Page 138 138
  • Page 139 139
  • Page 140 140
  • Page 141 141
  • Page 142 142
  • Page 143 143
  • Page 144 144
  • Page 145 145
  • Page 146 146
  • Page 147 147
  • Page 148 148
  • Page 149 149
  • Page 150 150
  • Page 151 151
  • Page 152 152
  • Page 153 153
  • Page 154 154
  • Page 155 155
  • Page 156 156
  • Page 157 157
  • Page 158 158
  • Page 159 159
  • Page 160 160
  • Page 161 161
  • Page 162 162
  • Page 163 163
  • Page 164 164
  • Page 165 165
  • Page 166 166
  • Page 167 167
  • Page 168 168
  • Page 169 169
  • Page 170 170
  • Page 171 171
  • Page 172 172
  • Page 173 173
  • Page 174 174
  • Page 175 175
  • Page 176 176
  • Page 177 177
  • Page 178 178
  • Page 179 179
  • Page 180 180
  • Page 181 181
  • Page 182 182
  • Page 183 183
  • Page 184 184
  • Page 185 185
  • Page 186 186
  • Page 187 187
  • Page 188 188
  • Page 189 189
  • Page 190 190
  • Page 191 191
  • Page 192 192
  • Page 193 193
  • Page 194 194
  • Page 195 195
  • Page 196 196
  • Page 197 197
  • Page 198 198
  • Page 199 199
  • Page 200 200
  • Page 201 201
  • Page 202 202
  • Page 203 203
  • Page 204 204
  • Page 205 205
  • Page 206 206
  • Page 207 207
  • Page 208 208
  • Page 209 209
  • Page 210 210
  • Page 211 211
  • Page 212 212
  • Page 213 213
  • Page 214 214
  • Page 215 215
  • Page 216 216
  • Page 217 217
  • Page 218 218
  • Page 219 219
  • Page 220 220
  • Page 221 221
  • Page 222 222
  • Page 223 223
  • Page 224 224
  • Page 225 225
  • Page 226 226
  • Page 227 227
  • Page 228 228
  • Page 229 229
  • Page 230 230
  • Page 231 231
  • Page 232 232
  • Page 233 233
  • Page 234 234
  • Page 235 235
  • Page 236 236
  • Page 237 237
  • Page 238 238
  • Page 239 239
  • Page 240 240
  • Page 241 241
  • Page 242 242
  • Page 243 243
  • Page 244 244
  • Page 245 245
  • Page 246 246
  • Page 247 247
  • Page 248 248
  • Page 249 249
  • Page 250 250
  • Page 251 251
  • Page 252 252
  • Page 253 253
  • Page 254 254
  • Page 255 255
  • Page 256 256
  • Page 257 257
  • Page 258 258
  • Page 259 259
  • Page 260 260
  • Page 261 261
  • Page 262 262
  • Page 263 263
  • Page 264 264
  • Page 265 265
  • Page 266 266
  • Page 267 267
  • Page 268 268
  • Page 269 269
  • Page 270 270
  • Page 271 271
  • Page 272 272
  • Page 273 273
  • Page 274 274
  • Page 275 275
  • Page 276 276
  • Page 277 277
  • Page 278 278
  • Page 279 279
  • Page 280 280
  • Page 281 281
  • Page 282 282
  • Page 283 283
  • Page 284 284
  • Page 285 285
  • Page 286 286
  • Page 287 287
  • Page 288 288
  • Page 289 289
  • Page 290 290
  • Page 291 291
  • Page 292 292
  • Page 293 293
  • Page 294 294
  • Page 295 295
  • Page 296 296
  • Page 297 297
  • Page 298 298
  • Page 299 299
  • Page 300 300
  • Page 301 301
  • Page 302 302
  • Page 303 303
  • Page 304 304
  • Page 305 305
  • Page 306 306
  • Page 307 307
  • Page 308 308
  • Page 309 309
  • Page 310 310
  • Page 311 311
  • Page 312 312
  • Page 313 313
  • Page 314 314
  • Page 315 315
  • Page 316 316
  • Page 317 317
  • Page 318 318
  • Page 319 319
  • Page 320 320
  • Page 321 321
  • Page 322 322
  • Page 323 323
  • Page 324 324
  • Page 325 325
  • Page 326 326
  • Page 327 327
  • Page 328 328
  • Page 329 329
  • Page 330 330
  • Page 331 331
  • Page 332 332
  • Page 333 333
  • Page 334 334
  • Page 335 335
  • Page 336 336
  • Page 337 337
  • Page 338 338
  • Page 339 339
  • Page 340 340
  • Page 341 341
  • Page 342 342
  • Page 343 343
  • Page 344 344
  • Page 345 345
  • Page 346 346
  • Page 347 347
  • Page 348 348
  • Page 349 349
  • Page 350 350
  • Page 351 351
  • Page 352 352
  • Page 353 353
  • Page 354 354
  • Page 355 355
  • Page 356 356
  • Page 357 357
  • Page 358 358
  • Page 359 359
  • Page 360 360
  • Page 361 361
  • Page 362 362
  • Page 363 363
  • Page 364 364
  • Page 365 365
  • Page 366 366
  • Page 367 367
  • Page 368 368
  • Page 369 369
  • Page 370 370
  • Page 371 371
  • Page 372 372
  • Page 373 373
  • Page 374 374
  • Page 375 375
  • Page 376 376
  • Page 377 377
  • Page 378 378
  • Page 379 379
  • Page 380 380
  • Page 381 381
  • Page 382 382
  • Page 383 383
  • Page 384 384
  • Page 385 385
  • Page 386 386
  • Page 387 387
  • Page 388 388
  • Page 389 389
  • Page 390 390
  • Page 391 391
  • Page 392 392
  • Page 393 393
  • Page 394 394
  • Page 395 395
  • Page 396 396
  • Page 397 397
  • Page 398 398
  • Page 399 399
  • Page 400 400
  • Page 401 401
  • Page 402 402
  • Page 403 403
  • Page 404 404
  • Page 405 405
  • Page 406 406
  • Page 407 407
  • Page 408 408
  • Page 409 409
  • Page 410 410
  • Page 411 411
  • Page 412 412
  • Page 413 413
  • Page 414 414
  • Page 415 415
  • Page 416 416
  • Page 417 417
  • Page 418 418
  • Page 419 419
  • Page 420 420
  • Page 421 421
  • Page 422 422
  • Page 423 423
  • Page 424 424
  • Page 425 425
  • Page 426 426
  • Page 427 427
  • Page 428 428
  • Page 429 429
  • Page 430 430
  • Page 431 431
  • Page 432 432
  • Page 433 433
  • Page 434 434
  • Page 435 435
  • Page 436 436
  • Page 437 437
  • Page 438 438
  • Page 439 439
  • Page 440 440
  • Page 441 441
  • Page 442 442
  • Page 443 443
  • Page 444 444
  • Page 445 445
  • Page 446 446
  • Page 447 447
  • Page 448 448
  • Page 449 449
  • Page 450 450
  • Page 451 451
  • Page 452 452
  • Page 453 453
  • Page 454 454
  • Page 455 455
  • Page 456 456
  • Page 457 457
  • Page 458 458
  • Page 459 459
  • Page 460 460
  • Page 461 461
  • Page 462 462
  • Page 463 463
  • Page 464 464
  • Page 465 465
  • Page 466 466
  • Page 467 467
  • Page 468 468
  • Page 469 469
  • Page 470 470
  • Page 471 471
  • Page 472 472
  • Page 473 473
  • Page 474 474
  • Page 475 475
  • Page 476 476
  • Page 477 477
  • Page 478 478
  • Page 479 479
  • Page 480 480
  • Page 481 481
  • Page 482 482
  • Page 483 483
  • Page 484 484
  • Page 485 485
  • Page 486 486
  • Page 487 487
  • Page 488 488
  • Page 489 489
  • Page 490 490
  • Page 491 491
  • Page 492 492
  • Page 493 493
  • Page 494 494
  • Page 495 495
  • Page 496 496
  • Page 497 497
  • Page 498 498
  • Page 499 499
  • Page 500 500
  • Page 501 501
  • Page 502 502
  • Page 503 503
  • Page 504 504
  • Page 505 505
  • Page 506 506
  • Page 507 507
  • Page 508 508
  • Page 509 509
  • Page 510 510
  • Page 511 511
  • Page 512 512
  • Page 513 513
  • Page 514 514
  • Page 515 515
  • Page 516 516
  • Page 517 517
  • Page 518 518
  • Page 519 519
  • Page 520 520
  • Page 521 521
  • Page 522 522
  • Page 523 523
  • Page 524 524
  • Page 525 525
  • Page 526 526
  • Page 527 527
  • Page 528 528
  • Page 529 529
  • Page 530 530
  • Page 531 531
  • Page 532 532
  • Page 533 533
  • Page 534 534
  • Page 535 535
  • Page 536 536
  • Page 537 537
  • Page 538 538
  • Page 539 539
  • Page 540 540
  • Page 541 541
  • Page 542 542
  • Page 543 543
  • Page 544 544
  • Page 545 545
  • Page 546 546
  • Page 547 547
  • Page 548 548
  • Page 549 549
  • Page 550 550
  • Page 551 551
  • Page 552 552
  • Page 553 553
  • Page 554 554
  • Page 555 555
  • Page 556 556
  • Page 557 557
  • Page 558 558
  • Page 559 559
  • Page 560 560
  • Page 561 561
  • Page 562 562
  • Page 563 563
  • Page 564 564
  • Page 565 565
  • Page 566 566
  • Page 567 567
  • Page 568 568
  • Page 569 569
  • Page 570 570
  • Page 571 571
  • Page 572 572
  • Page 573 573
  • Page 574 574
  • Page 575 575
  • Page 576 576
  • Page 577 577
  • Page 578 578
  • Page 579 579
  • Page 580 580
  • Page 581 581
  • Page 582 582
  • Page 583 583
  • Page 584 584
  • Page 585 585
  • Page 586 586
  • Page 587 587
  • Page 588 588
  • Page 589 589
  • Page 590 590
  • Page 591 591
  • Page 592 592
  • Page 593 593
  • Page 594 594
  • Page 595 595
  • Page 596 596
  • Page 597 597
  • Page 598 598
  • Page 599 599
  • Page 600 600
  • Page 601 601
  • Page 602 602
  • Page 603 603
  • Page 604 604
  • Page 605 605
  • Page 606 606
  • Page 607 607
  • Page 608 608
  • Page 609 609
  • Page 610 610
  • Page 611 611
  • Page 612 612
  • Page 613 613
  • Page 614 614
  • Page 615 615
  • Page 616 616

Ask a question and I''ll find the answer in the document

Finding information in a document is now easier with AI