Cisco Systems ASA 5580 Webcam User Manual


 
CHAPTER
25-1
Cisco ASA Series Firewall ASDM Configuration Guide
25
Configuring the ASA for Cisco Cloud Web
Security
Cisco Cloud Web Security provides web security and web filtering services through the
Software-as-a-Service (SaaS) model. Enterprises with the ASA in their network can use Cloud Web
Security services without having to install additional hardware.
When Cloud Web Security is enabled on the ASA, the ASA transparently redirects selected HTTP and
HTTPS traffic to the Cloud Web Security proxy servers. The Cloud Web Security proxy servers then scan
the content and allow, block, or send a warning about the traffic based on the policy configured in Cisco
ScanCenter to enforce acceptable use and to protect users from malware.
The ASA can optionally authenticate and identify users with Identity Firewall (IDFW) and AAA rules.
The ASA encrypts and includes the user credentials (including usernames and/or user groups) in the
traffic it redirects to Cloud Web Security. The Cloud Web Security service then uses the user credentials
to match the traffic to the policy. It also uses these credentials for user-based reporting. Without user
authentication, the ASA can supply an (optional) default username and/or group, although usernames
and groups are not required for the Cloud Web Security service to apply policy.
You can customize the traffic you want to send to Cloud Web Security when you create your service
policy rules. You can also configure a “whitelist” so that a subset of web traffic that matches the service
policy rule instead goes directly to the originally requested web server and is not scanned by Cloud Web
Security.
You can configure a primary and a backup Cloud Web Security proxy server, each of which the ASA
polls regularly to check for availability.
Note This feature is also called “ScanSafe,” so the ScanSafe name appears in some commands.