25-12
Cisco ASA Series Firewall ASDM Configuration Guide
Chapter 25 Configuring the ASA for Cisco Cloud Web Security
Configuring Cisco Cloud Web Security
Step 4 On the Protocol Inspection tab, check the Cloud Web Security check box.
Step 5 Click Configure to set the traffic action (fail open or fail close) and add the inspection policy map.
The inspection policy map configures essential parameters for the rule and also optionally identifies the
whitelist. An inspection policy map is required for each class of traffic that you want to send to Cloud
Web Security. You can also pre-configure inspection policy maps from the Configuration > Firewall >
Objects > Inspect Maps > Cloud Web Security pane.
The Select Cloud Web Security Inspect Map dialog box appears.
a. For the Cloud Web Security Traffic Action, choose one:
–
Fail Close—Drops all traffic if the Cloud Web Security servers are unavailable.
–
Fail Open—Allows traffic to pass through the ASA if the Cloud Web Security servers are
unavailable.
b. Choose an existing inspection policy map, or add one using the Add button.
c. Click Add to add a new inspection policy map.
The Add Cloud Web Security Inspect Map dialog box appears.