Cisco WSA Policies
In this and other posts we’ll discuss the Cisco Web Security Appliance. This is the blog agenda:
Part 1: Introduction
Part 2: Installing
Part 3: Deploying Proxy Services
Part 4: Policies
Part 5: Acceptable use & HTTPS Inspection
Part 6: Authentication
Part 7: Defending malware
This is the 4th part of the series.
Creating policies is one of the major (and most fun) parts of the WSA. In this blog I’ll cover the configuration of access policies and identities.
Click Web Security Manager > Access Policies
Only one policy can be applied. This is based on first match (top-down). If no policy matches, the Global Policy will be used.
First, you have to create an identity. An identity doesn’t identify a user, but it identifies a client or transaction that may require authentication. Identity membership is determined before authentication is done. Policy group membership is determined after authentication is performed.
Click Web Security Manager > Identities > add identity and create the identity, based on IP addresses, IP ranges or IP subnets. Possible identities are:
- Kiosk users
- Update agents
- Company users
Now, go back to Web Security Manager > Access Policies and create a new Policy:
Click on Advanced for filtering, like filtering on category:
If you don’t choose any criteria, the criteria of the Global Policy are used (inherited).
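A simplified model of the first-match evaluation described above, written as an added example (it is not code from this post or from Cisco). The subnets, policy names and helper functions are assumptions; the model matches on the identity's addresses only and also flags policies that can never match because a broader one sits above them.

```python
import ipaddress

GLOBAL_POLICY = "Global Policy"

# Constructed sample data: identity names follow the list in the post,
# the addresses are assumptions chosen for illustration.
IDENTITIES = {
    "Company users": ["10.1.0.0/16"],
    "Kiosk users": ["10.1.50.0/24"],
    "Update agents": ["10.1.60.10/32", "10.1.60.11/32"],
}

# Two orderings of the same (policy name, identity) rows, top row first.
BAD_ORDER = [("Company policy", "Company users"),
             ("Kiosk policy", "Kiosk users"),
             ("Update policy", "Update agents")]
GOOD_ORDER = [("Kiosk policy", "Kiosk users"),
              ("Update policy", "Update agents"),
              ("Company policy", "Company users")]

def networks(identity):
    """Parse the address entries of one identity into network objects."""
    return [ipaddress.ip_network(n) for n in IDENTITIES[identity]]

def match_policy(client_ip, policies):
    """Return the first policy (top-down) whose identity contains client_ip."""
    ip = ipaddress.ip_address(client_ip)
    for name, identity in policies:
        if any(ip in net for net in networks(identity)):
            return name
    return GLOBAL_POLICY  # no row matched, so the Global Policy applies

def shadowed_policies(policies):
    """List policies whose every network lies inside a network of an earlier row.

    Only detects coverage by a single earlier network, not by a union of several.
    """
    seen, shadowed = [], []
    for name, identity in policies:
        nets = networks(identity)
        if all(any(n.subnet_of(earlier) for earlier in seen) for n in nets):
            shadowed.append(name)
        seen.extend(nets)
    return shadowed

if __name__ == "__main__":
    for order in (BAD_ORDER, GOOD_ORDER):
        print(match_policy("10.1.50.7", order), shadowed_policies(order))
```

With the broad "Company users" row on top, a kiosk client is handled by the company policy and the two narrower rows are dead; placing the most specific identities first restores the intended result.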