Filter
Top Products
25-10
Cisco ASA Series Firewall CLI Configuration Guide
Chapter 25 Configuring the ASA for Cisco Cloud Web Security
Configuring Cisco Cloud Web Security
Note You must configure a route pointing to the Scansafe towers in both; the admin context and the specific
context. This ensures that the Scansafe tower does not become unreachable in the Active/Active failover
scenario.
The following sample configuration enables Cloud Web Security in context one with the default license
and in context two with the license key override:
! System Context
!
scansafe general-options
server primary ip 180.24.0.62 port 8080
retry-count 5
license 366C1D3F5CE67D33D3E9ACEC265261E5
!
context one
allocate-interface GigabitEthernet0/0.1
allocate-interface GigabitEthernet0/1.1
allocate-interface GigabitEthernet0/3.1
scansafe
config-url disk0:/one_ctx.cfg
!
context two
allocate-interface GigabitEthernet0/0.2
allocate-interface GigabitEthernet0/1.2
allocate-interface GigabitEthernet0/3.2
scansafe license 366C1D3F5CE67D33D3E9ACEC26789534
config-url disk0:/two_ctx.cfg
!
Configuring a Service Policy to Send Traffic to Cloud Web Security
See Chapter 1, “Configuring a Service Policy Using the Modular Policy Framework,” for more
information about service policy rules.
Prerequisites
(Optional) If you need to use a whitelist to exempt some traffic from being sent to Cloud Web Security,
first create the whitelist according to the “(Optional) Configuring Whitelisted Traffic” section on
page 25-15 so you can refer to the whitelist in your service policy rule.