Cisco Systems ASA Services Module Webcam User Manual


 
25-2
Cisco ASA Series Firewall ASDM Configuration Guide
Chapter 25 Configuring the ASA for Cisco Cloud Web Security
Information About Cisco Cloud Web Security
This chapter includes the following sections:
Information About Cisco Cloud Web Security, page 25-2
Licensing Requirements for Cisco Cloud Web Security, page 25-6
Prerequisites for Cloud Web Security, page 25-7
Guidelines and Limitations, page 25-7
Default Settings, page 25-8
Configuring Cisco Cloud Web Security, page 25-8
Monitoring Cloud Web Security, page 25-26
Related Documents, page 25-27
Feature History for Cisco Cloud Web Security, page 25-27
Information About Cisco Cloud Web Security
This section includes the following topics:
Redirection of Web Traffic to Cloud Web Security, page 25-2
User Authentication and Cloud Web Security, page 25-2
Authentication Keys, page 25-3
ScanCenter Policy, page 25-4
Cloud Web Security Actions, page 25-5
Bypassing Scanning with Whitelists, page 25-6
IPv4 and IPv6 Support, page 25-6
Failover from Primary to Backup Proxy Server, page 25-6
Redirection of Web Traffic to Cloud Web Security
When an end user sends an HTTP or HTTPS request, the ASA receives it and optionally retrieves the
user and/or group information. If the traffic matches an ASA service policy rule for Cloud Web Security,
then the ASA redirects the request to the Cloud Web Security proxy servers. The ASA acts as an
intermediary between the end user and the Cloud Web Security proxy server by redirecting the
connection to the proxy server. The ASA changes the destination IP address and port in the client
requests and adds Cloud Web Security-specific HTTP headers and then sends the modified request to the
Cloud Web Security proxy server. The Cloud Web Security HTTP headers include various kinds of
information, including the username and user group (if available).
User Authentication and Cloud Web Security
User identity can be used to apply policy in Cloud Web Security. User identity is also useful for Cloud
Web Security reporting. User identity is not required to use Cloud Web Security. There are other methods
to identify traffic for Cloud Web Security policy.