25-23
Cisco ASA Series Firewall ASDM Configuration Guide
Chapter 25 Configuring the ASA for Cisco Cloud Web Security
Configuring Cisco Cloud Web Security
User traffic is compared to these rules in order; if this Match rule is first in the list, then all traffic,
including traffic to test_network, will match only that rule and the Do not match rule will never be hit.
If you move the Do not match rule above the Match rule, then traffic to test_network will match the Do
not match rule, and all other traffic will match the Match rule.
Step 13 Repeat the above steps with the following changes: add a new traffic class called “scansafe-https,” and
choose HTTPS for the inspection policy map.
Step 14 Click Apply.
(Optional) Configuring Whitelisted Traffic
If you use user authentication, you can exempt some traffic from being filtered by Cloud Web Security
based on the username and/or groupname. When you configure your Cloud Web Security service policy
rule, you can reference the whitelisting inspection class map. Both IDFW and AAA user credentials can
be used with this feature.
Although you can achieve the same results of exempting traffic based on user or group when you
configure the service policy rule, you might find it more straightforward to use a whitelist instead. Note
that the whitelist feature is only based on user and group, not on IP address.