Cisco IronPort AsyncOS 7.1.0 User Guide For Web Security Appliances


Cisco IronPort AsyncOS 7.1 for Web User Guide
November, 2010

Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883

Text Part Number: OL-23207-01

THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.

THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.

The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain version of the UNIX operating system. All rights reserved. Copyright 1981, Regents of the University of California.

NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED "AS IS" WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.

IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

CCDE, CCENT, CCSI, Cisco Eos, Cisco HealthPresence, Cisco IronPort, the Cisco logo, Cisco Nurse Connect, Cisco Pulse, Cisco SensorBase, Cisco StackPower, Cisco StadiumVision, Cisco TelePresence, Cisco Unified Computing System, Cisco WebEx, DCE, Flip Channels, Flip for Good, Flip Mino, Flipshare (Design), Flip Ultra, Flip Video, Flip Video (Design), Instant Broadband, and Welcome to the Human Network are trademarks; Changing the Way We Work, Live, Play, and Learn, Cisco Capital, Cisco Capital (Design), Cisco:Financed (Stylized), Cisco Store, Flip Gift Card, and One Million Acts of Green are service marks; and Access Registrar, Aironet, AllTouch, AsyncOS, Bringing the Meeting To You, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, CCVP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Lumin, Cisco Nexus, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Collaboration Without Limitation, Continuum, EtherFast, EtherSwitch, Event Center, Explorer, Follow Me Browsing, GainMaker, iLYNX, IOS, iPhone, IronPort, the IronPort logo, Laser Link, LightStream, Linksys, MeetingPlace, MeetingPlace Chime Sound, MGX, Networkers, Networking Academy, PCNow, PIX, PowerKEY, PowerPanels, PowerTV, PowerTV (Design), PowerVu, Prisma, ProConnect, ROSA, SenderBase, SMARTnet, Spectrum Expert, StackWise, WebEx, and the WebEx logo are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.

All other trademarks mentioned in this document or website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0910R)

Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.

Cisco IronPort AsyncOS 7.1 for Web User Guide
© 2010 Cisco Systems, Inc. All rights reserved.

CONTENTS

CHAPTER 1 Getting Started with the Web Security Appliance 1-1
  What's New in This Release 1-1
    New Feature: Web Reporting and Web Tracking 1-2
    New Feature: Centralized Reporting 1-2
    New Feature: Anonymized Usernames on Reporting Pages 1-3
    Enhanced: Reports 1-3
  What's New in Version 7.0 1-3
    New Feature: Cisco AnyConnect Secure Mobility 1-3
    New Feature: Application Visibility and Control 1-4
    New Feature: Safe Search and Site Content Rating Enforcement 1-5
    New Feature: Bandwidth Control for Streaming Media 1-5
    New Feature: HTTP Instant Messaging Controls 1-6
    New Feature: SaaS Access Control 1-6
    New Feature: Sophos Anti-Virus Scanning 1-7
    New Feature: Transparent User Identification for Novell eDirectory 1-7
    New Feature: Outbound Malware Scanning 1-7
    New Feature: Application Scanning Bypass 1-8
    New Feature: Allow User One Login at a Time 1-8
    New Feature: WBRS Threat Details 1-9
    New Feature: What's New In This Release 1-9
    Enhanced: Per Identity Authentication Settings 1-9
    Enhanced: PAC File Hosting 1-9
    Enhanced: Reports 1-10
    Enhanced: Advancedproxyconfig CLI Command 1-10

    Enhanced: Logging 1-10
  How to Use This Guide 1-11
    Before You Begin 1-11
    Typographic Conventions 1-12
    Where to Find More Information 1-13
      Documentation Set 1-13
      IronPort Technical Training 1-13
      Knowledge Base 1-13
      Cisco Support Community 1-14
      Cisco IronPort Customer Support 1-15
      Third Party Contributors 1-15
      IronPort Welcomes Your Comments 1-15
  Web Security Appliance Overview 1-16

CHAPTER 2 Using the Web Security Appliance 2-1
  How the Web Security Appliance Works 2-1
    Web Proxy 2-1
    The L4 Traffic Monitor 2-2
  Administering the Web Security Appliance 2-2
    System Setup Wizard 2-3
    Accessing the Web Security Appliance 2-3
    Using the Command Line Interface (CLI) 2-4
      Using an Ethernet Connection 2-4
      Using a Serial Connection 2-5
  The SenderBase Network 2-5
    Sharing Data 2-6
  Reporting and Logging 2-6
  Navigating the Web Security Appliance Web Interface 2-7
    Logging In 2-9

    Browser Requirements 2-10
    Support Languages 2-10
    Reporting Tab 2-11
    Web Security Manager Tab 2-11
    Security Services Tab 2-12
    Network Tab 2-13
    System Administration Tab 2-13
  Committing and Clearing Changes 2-14
    Committing and Clearing Changes in the Web Interface 2-14
      Committing Changes 2-15
      Clearing Changes 2-15
    Committing and Clearing Changes in the CLI 2-16

CHAPTER 3 Deployment 3-1
  Deployment Overview 3-1
  Preparing for Deployment 3-2
  Appliance Interfaces 3-3
    Management Interface 3-4
    Data Interfaces 3-4
    L4 Traffic Monitor Interfaces 3-5
  Example Deployment 3-5
  Deploying the Web Proxy in Explicit Forward Mode 3-6
    Configuring Client Applications 3-7
    Connecting Appliance Interfaces 3-7
    Testing an Explicit Forward Configuration 3-7
  Deploying the Web Proxy in Transparent Mode 3-7
    Connecting Appliance Interfaces 3-8
    Connecting the Appliance to a WCCP Router 3-8
      Configuring the Web Security Appliance 3-9

      Configuring the WCCP Router 3-9
      Example WCCP Configurations 3-11
        Example 1 3-11
        Example 2 3-12
        Example 3 3-14
    Working with Multiple Appliances and Routers 3-15
  Using the Web Security Appliance in an Existing Proxy Environment 3-15
    Transparent Upstream Proxy 3-15
    Explicit Forward Upstream Proxy 3-16
  Deploying the L4 Traffic Monitor 3-16
    Connecting the L4 Traffic Monitor 3-17
    Configuring an L4 Traffic Monitor Wiring Type 3-18
  Physical Dimensions 3-18

CHAPTER 4 Installation and Configuration 4-1
  Before You Begin 4-1
    Connecting a Laptop to the Appliance 4-2
    Connecting the Appliance to the Network 4-2
    Gathering Setup Information 4-4
    DNS Support 4-6
  System Setup Wizard 4-6
    Accessing the System Setup Wizard 4-8
    Step 1. Start 4-8
    Step 2. Network 4-9
    Step 3. Security 4-22
    Step 4. Review 4-26

CHAPTER 5 Web Proxy Services 5-1
  About Web Proxy Services 5-1

    Web Proxy Cache 5-2
  Configuring the Web Proxy 5-3
  Working with FTP Connections 5-8
    Using Authentication with Native FTP 5-9
    Working with Native FTP in Transparent Mode 5-10
    Configuring FTP Proxy Settings 5-11
  Bypassing the Web Proxy 5-15
    How the Proxy Bypass List Works 5-17
    Using WCCP with the Proxy Bypass List 5-18
  Bypassing Application Scanning 5-18
  Proxy Usage Agreement 5-18
  Configuring Client Applications to Use the Web Proxy 5-19
  Working with PAC Files 5-19
    PAC File Format 5-21
    Creating a PAC File for Remote Users 5-22
    Specifying the PAC File in Browsers 5-22
      Entering the PAC File Location 5-22
      Detecting the PAC File Location Automatically 5-23
  Adding PAC Files to the Web Security Appliance 5-24
    Specifying the PAC File URL 5-25
    Uploading PAC Files to the Appliance 5-28
    Understanding WPAD Compatibility with Netscape and Firefox 5-29
  Advanced Proxy Configuration 5-30
    Authentication Options 5-32
    Caching Options 5-39
    DNS Options 5-42
    EUN Options 5-44
    NATIVEFTP Options 5-44
    FTPOVERHTTP Options 5-47

    HTTPS Options 5-48
    Scanning Options 5-49
    WCCP Options 5-49
    Miscellaneous Options 5-50

CHAPTER 6 Working with Policies 6-1
  Working with Policies Overview 6-1
  Policy Types 6-3
    Identities 6-3
    Decryption Policies 6-4
    Routing Policies 6-4
    Access Policies 6-4
    IronPort Data Security Policies 6-5
    External DLP Policies 6-5
    Outbound Malware Scanning Policies 6-6
    SaaS Application Authentication Policies 6-6
  Working with Policy Groups 6-6
    Creating Policy Groups 6-7
    Using the Policies Tables 6-7
  Policy Group Membership 6-10
    Authenticating Users versus Authorizing Users 6-10
    Working with Failed Authentication and Authorization 6-11
    Working with All Identities 6-12
    Policy Group Membership Rules and Guidelines 6-12
  Working with Time Based Policies 6-13
    Creating Time Ranges 6-14
  Working with User Agent Based Policies 6-16
    Configuring User Agents for Policy Group Membership 6-16
    Exempting User Agents from Authentication 6-18

  Tracing Policies 6-18

CHAPTER 7 Identities 7-1
  Identities Overview 7-1
  Evaluating Identity Group Membership 7-2
    Understanding How Authentication Affects Identity Groups 7-4
    Understanding How Authentication Affects HTTPS and FTP over HTTP Requests 7-6
    Understanding How Authentication Scheme Affects Identity Groups 7-9
  Matching Client Requests to Identity Groups 7-10
  Allowing Guest Access to Users Who Fail Authentication 7-13
  Identifying Users Transparently 7-16
    Understanding Transparent User Identification 7-17
    Rules and Guidelines 7-18
    Configuring Transparent User Identification 7-19
  Creating Identities 7-20
  Configuring Identities in Other Policy Groups 7-28
  Example Identity Policies Tables 7-31
    Example 1 7-31
    Example 2 7-33

CHAPTER 8 Access Policies 8-1
  Access Policies Overview 8-1
  Access Policy Groups 8-2
    Understanding the Monitor Action 8-3
  Evaluating Access Policy Group Membership 8-4
  Matching Client Requests to Access Policy Groups 8-5
  Creating Access Policies 8-7
  Controlling HTTP and Native FTP Traffic 8-11

    Protocols and User Agents 8-14
    URL Categories 8-15
    Applications 8-15
    Object Blocking 8-16
    Web Reputation and Anti-Malware 8-17
  Blocking Specific Applications and Protocols 8-18
    Blocking on Port 80 8-18
      Policy: Protocols and User Agents 8-18
      Policy: URL Categories 8-20
      Policy: Objects 8-21
    Blocking on Ports Other Than 80 8-21

CHAPTER 9 Working with External Proxies 9-1
  Working with External Proxies Overview 9-1
  Routing Traffic to Upstream Proxies 9-2
    Adding External Proxy Information 9-3
  Evaluating Routing Policy Group Membership 9-5
  Matching Client Requests to Routing Policy Groups 9-6
  Creating Routing Policies 9-8

CHAPTER 10 Decryption Policies 10-1
  Decryption Policies Overview 10-1
  Decryption Policy Groups 10-3
    Personally Identifiable Information Disclosure 10-4
    Understanding the Monitor Action 10-5
  Digital Cryptography Terms 10-6
  HTTPS Basics 10-8
    SSL Handshake 10-9
    Digital Certificates 10-9

    Validating Certificate Authorities 10-10
    Validating Digital Certificates 10-12
  Decrypting HTTPS Traffic 10-13
    Mimicking the Server Digital Certificate 10-15
    Working with Root Certificates 10-16
    Using Decryption with the AVC Engine 10-19
    Using Decryption with AOL Instant Messenger 10-19
    Converting Certificate and Key Formats 10-20
  Enabling the HTTPS Proxy 10-21
  Evaluating Decryption Policy Group Membership 10-27
  Matching Client Requests to Decryption Policy Groups 10-28
  Creating Decryption Policies 10-30
  Controlling HTTPS Traffic 10-34
  Importing a Trusted Root Certificate 10-37

CHAPTER 11 Outbound Malware Scanning 11-1
  Outbound Malware Scanning Overview 11-1
    User Experience with Blocked Requests 11-2
  Outbound Malware Scanning Policy Groups 11-2
  Evaluating Outbound Malware Scanning Policy Group Membership 11-3
  Matching Client Requests to Outbound Malware Scanning Policy Groups 11-4
  Creating Outbound Malware Scanning Policies 11-6
  Controlling Upload Requests Using Outbound Malware Scanning Policies 11-11
  Logging 11-14

CHAPTER 12 Data Security and External DLP Policies 12-1
  Data Security and External DLP Policies Overview 12-1
    Bypassing Upload Requests Below a Minimum Size 12-3

    User Experience with Blocked Requests 12-3
  Working with Data Security and External DLP Policies 12-4
    Data Security Policy Groups 12-4
    External DLP Policy Groups 12-6
  Evaluating Data Security and External DLP Policy Group Membership 12-7
  Matching Client Requests to Data Security and External DLP Policy Groups 12-8
  Creating Data Security and External DLP Policies 12-10
  Controlling Upload Requests Using IronPort Data Security Policies 12-15
    URL Categories 12-17
    Web Reputation 12-17
    Content Blocking 12-17
  Defining External DLP Systems 12-20
  Controlling Upload Requests Using External DLP Policies 12-25
  Logging 12-27

CHAPTER 13 Achieving Secure Mobility 13-1
  Achieving Secure Mobility Overview 13-1
  Working with Remote Users 13-2
  Enabling Secure Mobility 13-3
  Transparently Identifying Remote Users 13-5
  Logging 13-6
  Configuring Secure Mobility Using the CLI 13-7

CHAPTER 14 Controlling Access to SaaS Applications 14-1
  SaaS Access Control Overview 14-1
  Understanding How SaaS Access Control Works 14-2
  Authenticating SaaS Users 14-4

    Authentication Requirements 14-4
  Enabling SaaS Access Control 14-5
    Understanding the Single Sign-On URL 14-5
    Using SaaS Access Control with Multiple Appliances 14-6
  Configuring the Appliance as an Identity Provider 14-7
  Creating SaaS Application Authentication Policies 14-11

CHAPTER 15 Notifying End Users 15-1
  Notifying End Users of Organization Policies 15-1
  Configuring General Settings for Notification Pages 15-3
  Working With IronPort End-User Notification Pages 15-5
    Configuring IronPort Notification Pages 15-5
    Editing IronPort Notification Pages 15-8
      Rules and Guidelines for Editing IronPort Notification Pages 15-12
      Using Variables in Customized IronPort Notification Pages 15-13
  Working with User Defined End-User Notification Pages 15-14
    Configuring User Defined End-User Notification Pages 15-17
  End-User Acknowledgement Page 15-18
    Configuring the End-User Acknowledgement Page 15-20
  Configuring the End-User URL Filtering Warning Page 15-21
  Working with IronPort FTP Notification Messages 15-23
  Custom Text in Notification Pages 15-23
    Supported HTML Tags in Notification Pages 15-23
    Custom Text and Logos: Authentication, and End-User Acknowledgement Pages 15-24
  Notification Page Types 15-25

CHAPTER 16 URL Filters 16-1
  URL Filters Overview 16-1

    Dynamic Content Analysis Engine 16-3
    Uncategorized URLs 16-4
    Matching URLs to URL Categories 16-4
    The URL Categories Database 16-5
  Configuring the URL Filtering Engine 16-5
  Filtering Transactions Using URL Categories 16-6
    Configuring URL Filters for Access Policy Groups 16-7
    Configuring URL Filters for Decryption Policy Groups 16-10
    Configuring URL Filters for Data Security Policy Groups 16-13
  Custom URL Categories 16-16
  Filtering Adult Content 16-20
    Logging Adult Content Access 16-22
  Redirecting Traffic 16-23
  Warning Users and Allowing Them to Continue 16-24
    User Experience When Warning Users 16-26
  Creating Time Based URL Filters 16-26
  Viewing URL Filtering Activity 16-27
    Understanding Unfiltered and Uncategorized Data 16-28
    Access Log File 16-28
  Regular Expressions 16-28
    Forming Regular Expressions 16-29
    Regular Expression Character Table 16-30
  URL Category Descriptions 16-32

CHAPTER 17 Understanding Application Visibility and Control 17-1
  Controlling Applications Overview 17-1
    User Experience with Blocked Requests 17-3
    AVC Engine Updates 17-3
  Enabling the AVC Engine 17-3

  Understanding Application Control Settings 17-4
    Working with Browse View 17-5
    Working with Search View 17-7
    Rules and Guidelines 17-9
  Configuring Application Control Settings 17-9
  Controlling Bandwidth 17-11
    Configuring Overall Bandwidth Limits 17-11
    Configuring User Bandwidth Limits 17-12
      Configuring the Default Bandwidth Limit for an Application Type 17-13
      Overriding the Default Bandwidth Limit for an Application Type 17-13
      Configuring Bandwidth Controls for an Application 17-15
  Controlling Instant Messaging Traffic 17-17
  Viewing AVC Activity 17-19
    Access Log File 17-19

CHAPTER 18 Web Reputation Filters 18-1
  Web Reputation Filters Overview 18-1
    The Web Reputation Database 18-1
      Maintaining the Database Tables 18-2
    Web Reputation Scores 18-2
  Enabling Web Reputation Filters 18-3
  Understanding How Web Reputation Filtering Works 18-4
    Web Reputation in Access Policies 18-4
    Web Reputation in Decryption Policies 18-5
  Configuring Web Reputation Scores 18-5
    Configuring Web Reputation for Access Policies 18-6
    Configuring Web Reputation for Decryption Policies 18-7
    Configuring Web Reputation for IronPort Data Security Policies 18-8
  Viewing Web Reputation Filtering Activity 18-9

    Monitoring Filter and Scoring Activity 18-9
    Access Log File 18-10

CHAPTER 19 Anti-Malware Services 19-1
  Anti-Malware Overview 19-1
    Malware Category Descriptions 19-2
  IronPort DVS (Dynamic Vectoring and Streaming) Engine 19-4
    Maintaining the Database Tables 19-5
    Understanding How the DVS Engine Works 19-5
    Working with Multiple Malware Verdicts 19-6
      Different Scanning Engines 19-6
      Same Scanning Engine 19-6
  Webroot Scanning 19-7
  McAfee Scanning 19-8
    Matching Virus Signature Patterns 19-8
    Heuristic Analysis 19-9
    McAfee Categories 19-9
  Sophos Scanning 19-10
  Configuring Anti-Malware Scanning 19-10
  Viewing Anti-Malware Scanning Activity 19-15
    Monitoring Scanning Activity 19-15
    Access Log File 19-15

CHAPTER 20 Authentication 20-1
  Authentication Overview 20-1
    Client Application Support 20-3
    Working with Upstream Proxy Servers 20-3
    Authenticating Users 20-4
    Working with Failed Authentication 20-4

  Understanding How Authentication Works 20-5
    Basic versus NTLMSSP Authentication Schemes 20-7
    How Web Proxy Deployment Affects Authentication 20-8
      Explicit Forward Deployment, Basic Authentication 20-9
      Transparent Deployment, Basic Authentication 20-10
      Explicit Forward Deployment, NTLM Authentication 20-12
      Transparent Deployment, NTLM Authentication 20-13
  Working with Authentication Realms 20-14
    Creating Authentication Realms 20-15
    Editing Authentication Realms 20-15
    Deleting Authentication Realms 20-16
  Working with Authentication Sequences 20-16
    Creating Authentication Sequences 20-17
    Editing Authentication Sequences 20-18
    Deleting Authentication Sequences 20-19
  Appliance Behavior with Multiple Authentication Realms 20-19
  Testing Authentication Settings 20-20
    Testing Process 20-21
      LDAP Testing 20-21
      NTLM Testing 20-21
    Testing Authentication Settings in the Web Interface 20-22
    Testing Authentication Settings in the CLI 20-23
  Configuring Global Authentication Settings 20-23
  Sending Authentication Credentials Securely 20-37
    Uploading Certificates and Keys to Use with Credential Encryption and SaaS Access Control 20-38
    Accessing HTTPS and FTP Sites with Credential Encryption Enabled 20-38
  Allowing Users to Re-Authenticate 20-39
    Using Re-Authentication with Internet Explorer 20-40

    Using Re-Authentication with PAC Files 20-41
  Tracking Authenticated Users 20-42
  LDAP Authentication 20-43
    Changing Active Directory Passwords 20-43
    LDAP Authentication Settings 20-44
    LDAP Group Authorization 20-47
  NTLM Authentication 20-51
    Working with Multiple Active Directory Domains 20-51
    NTLM Authentication Settings 20-52
    Joining the Active Directory Domain 20-53
  Supported Authentication Characters 20-56
    Active Directory Server Supported Characters 20-56
    LDAP Server Supported Characters 20-58

CHAPTER 21 L4 Traffic Monitor 21-1
  About L4 Traffic Monitor 21-1
    How the L4 Traffic Monitor Works 21-1
    The L4 Traffic Monitor Database 21-3
  Configuring the L4 Traffic Monitor 21-3
    Configuring L4 Traffic Monitor Global Settings 21-4
    Updating L4 Traffic Monitor Anti-Malware Rules 21-4
    Configuring L4 Traffic Monitor Policies 21-5
      Valid Formats 21-8
  Viewing L4 Traffic Monitor Activity 21-9
    Monitoring Activity and Viewing Summary Statistics 21-9
    L4 Traffic Monitor Log File Entries 21-10

CHAPTER 22 Reporting 22-1
  Reporting Overview 22-1

    Working with Usernames in Reports 22-2
    Report Pages 22-2
  Using the Reporting Tab 22-3
    Changing the Time Range 22-3
    Searching Data 22-5
    Working with Columns on Report Pages 22-5
      Configuring Columns on Report Pages 22-8
    Printing and Exporting Reports from Report Pages 22-10
      Exporting Report Data 22-10
  Enabling Centralized Reporting 22-12
  Scheduling Reports 22-13
    Adding a Scheduled Report 22-13
    Editing Scheduled Reports 22-15
    Deleting Scheduled Reports 22-15
  On-Demand Reports 22-15
  Archiving Reports 22-16
  SNMP Monitoring 22-16
    MIB Files 22-17
    Hardware Objects 22-18
      Hardware Traps 22-18
    SNMP Traps 22-19
    CLI Example 22-20

CHAPTER 23 Web Security Appliance Reports 23-1
  Web Security Appliance Reports Overview 23-2
  Overview Page 23-2
  Users Page 23-5
    User Details Page 23-7
  Web Sites Page 23-10

  URL Categories Page 23-12
    Using The URL Categories Page in Conjunction with Other Reporting Pages 23-16
  Application Visibility Page 23-16
  Anti-Malware Page 23-18
    Malware Category Report Page 23-20
    Malware Threat Report Page 23-21
  Client Malware Risk Page 23-22
    Client Detail Page 23-24
  Web Reputation Filters Page 23-29
  L4 Traffic Monitor Data Page 23-31
  Reports by User Location Page 23-33
  Web Tracking Page 23-35
  System Capacity Page 23-40
    How to Interpret the Data You See on System Capacity Page 23-43
  System Status Page 23-44

CHAPTER 24 Logging 24-1
  Logging Overview 24-1
    Log File Types 24-2
    Web Proxy Logging 24-8
  Working with Log Subscriptions 24-9
    Log File Name and Appliance Directory Structure 24-11
    Rolling Over Log Subscriptions 24-11
    Working with Compressed Log Files 24-12
    Viewing the Most Recent Log Files 24-13
    Configuring Host Keys 24-13
    Adding and Editing Log Subscriptions 24-14
    Deleting a Log Subscription 24-19

  Access Log File 24-19
    Transaction Result Codes 24-23
    ACL Decision Tags 24-24
    Understanding Scanning Verdict Information 24-30
      Web Reputation Filters Example 24-34
      Anti-Malware Request Example 24-35
      Anti-Malware Response Example 24-35
  W3C Compliant Access Logs 24-36
    W3C Log File Headers 24-37
    Working with Log Fields in W3C Access Logs 24-38
  Custom Formatting in Access Logs and W3C Logs 24-39
    Configuring Custom Formatting in Access Logs 24-49
    Configuring Custom Formatting in W3C Logs 24-50
    Including HTTP/HTTPS Headers in Log Files 24-51
  Malware Scanning Verdict Values 24-52
  Traffic Monitor Log 24-53
  Troubleshooting 24-54

CHAPTER 25 Configuring Network Settings 25-1
  Changing the System Hostname 25-1
  Configuring Network Interfaces 25-2
    Configuring the Data Interfaces 25-3
    Configuring the Network Interfaces from the Web Interface 25-5
  Configuring TCP/IP Traffic Routes 25-7
    Modifying the Default Route 25-7
    Working With Routing Tables 25-8
  Virtual Local Area Networks (VLANs) 25-9
    VLANs and Physical Ports 25-11
    Managing VLANs 25-11

      Creating a New VLAN via the etherconfig Command 25-11
      Creating an IP Interface on a VLAN via the interfaceconfig Command 25-15
  Configuring Transparent Redirection 25-17
    Working with WCCP Services 25-17
      Working with the Assignment Method 25-18
      Working with the Forwarding and Return Method 25-19
      IP Spoofing when Using WCCP 25-20
    Adding and Editing a WCCP Service 25-21
    Deleting a WCCP Service 25-25
  Configuring SMTP Relay Hosts 25-26
    Configuring SMTP from the Web Interface 25-26
    Configuring SMTP from the CLI 25-27
  Configuring DNS Server(s) 25-28
    Specifying DNS Servers 25-28
      Split DNS 25-28
      Using the Internet Root Servers 25-29
      Multiple Entries and Priority 25-29
    DNS Alert 25-30
    Clearing the DNS Cache 25-30
    Configuring DNS 25-30

CHAPTER 26 System Administration 26-1
  Managing the S-Series Appliance 26-1
    Saving and Loading the Appliance Configuration 26-2
    Committing Changes to the Appliance Configuration 26-3
  Support Commands 26-3
    Open a Support Case 26-3
    Remote Access 26-5
    Packet Capture 26-6

      Starting a Packet Capture 26-7
      Editing Packet Capture Settings 26-7
  Working with Feature Keys 26-10
    Feature Keys Page 26-10
    Feature Key Settings Page 26-11
    Expired Feature Keys 26-12
  Administering User Accounts 26-12
    Managing Local Users 26-13
      Adding Local Users 26-14
      Deleting Users 26-15
      Editing Users 26-15
      Changing Passwords 26-16
      Monitoring Users from the CLI 26-16
    Using External Authentication 26-17
  Configuring Administrator Settings 26-20
    Configuring Custom Text at Login 26-20
    Configuring IP-Based Administrator Access 26-20
    Configuring the SSL Ciphers for Administrator Access 26-21
  Configuring the Return Address for Generated Messages 26-21
  Managing Alerts 26-22
    Alerting Overview 26-22
      Alerts: Alert Recipients, Alert Classifications, and Severities 26-23
      Alert Settings 26-24
      IronPort AutoSupport 26-25
    Alert Messages 26-25
      Alert From Address 26-25
      Alert Subject 26-25
      Example Alert Message 26-26
    Managing Alert Recipients 26-27
      Adding New Alert Recipients 26-27

      Configuring Existing Alert Recipients 26-28
      Deleting Alert Recipients 26-28
    Configuring Alert Settings 26-29
      Editing Alert Settings 26-29
  Setting System Time 26-30
    Selecting a Time Zone 26-30
    Editing System Time 26-31
      Configure NTP (Network Time Protocol) 26-31
      Manually Setting System Time 26-32
  Installing a Server Digital Certificate 26-32
    Obtaining Certificates 26-33
    Intermediate Certificates 26-34
    Uploading Certificates to the Web Security Appliance 26-35
  Upgrading the System Software 26-40
    Upgrading AsyncOS for Web from the Web Interface 26-40
    Upgrading AsyncOS for Web from the CLI 26-41
      Differences from Traditional Upgrading Method 26-41
  Configuring Upgrade and Service Update Settings 26-42
    Updating and Upgrading from the IronPort Update Servers 26-43
      Configuring a Static Address for the IronPort Update Servers 26-44
    Upgrading from a Local Server 26-44
      Hardware and Software Requirements for Local Upgrade Servers 26-46
    Configuring the Update and Upgrade Settings from the Web Interface 26-46
    Configuring the Update and Upgrade Settings from the CLI 26-51
  Manually Updating Security Service Components 26-51

CHAPTER 27 Command Line Interface 27-1
  The Command Line Interface Overview 27-1
  Using the Command Line Interface 27-1

    Accessing the Command Line Interface 27-2
    Working with the Command Prompt 27-2
    Command Syntax 27-3
    Select Lists 27-4
    Yes/No Queries 27-4
    Subcommands 27-4
    Escaping Subcommands 27-5
    Command History 27-5
    Completing Commands 27-5
    Configuration Changes 27-6
  General Purpose CLI Commands 27-6
    Committing Configuration Changes 27-6
    Clearing Configuration Changes 27-7
    Exiting the Command Line Interface Session 27-7
    Seeking Help on the Command Line Interface 27-8
  Web Security Appliance CLI Commands 27-8

APPENDIX A IronPort End User License Agreement A-1
  Cisco IronPort Systems, LLC Software License Agreement A-1

INDEX


CHAPTER 1

Getting Started with the Web Security Appliance

The IronPort AsyncOS for Web User Guide provides instructions for setting up, administering, and monitoring the IronPort Web Security appliance. These instructions are designed for an experienced system administrator with knowledge of networking and web administration.

This chapter discusses the following topics:

- What's New in This Release, page 1-1
- What's New in Version 7.0, page 1-3
- How to Use This Guide, page 1-11
- Web Security Appliance Overview, page 1-16

What's New in This Release

This section describes the new features and enhancements in AsyncOS for Web 7.1. For more information about the release, see the product release notes, which are available on the Cisco IronPort Customer Support site. You need a Cisco.com User ID to access the site. If you do not have a Cisco.com User ID, you can register for one.

You might also find it useful to review release notes for earlier releases to see the features and enhancements that were previously added.

New Feature: Web Reporting and Web Tracking

AsyncOS for Web 7.1 supports advanced web reporting and web tracking. Web reporting and tracking aggregates information from individual security components as well as acceptable use enforcement components and records data that can be used to monitor your web traffic patterns and security risks. Web reporting and tracki
