C H A P T E R
8-1
Cisco ASA Series Firewall CLI Configuration Guide
8
ASA and Cisco Cloud Web Security
Cisco Cloud Web Security (also known as ScanSafe) provides web security and web filtering services
through the Software-as-a-Service (SaaS) model. Enterprises with the ASA in their network can use
Cloud Web Security services without having to install additional hardware.
•
Information About Cisco Cloud Web Security, page 8-1
•
Licensing Requirements for Cisco Cloud Web Security, page 8-4
•
Guidelines for Cloud Web Security, page 8-5
•
Configure Cisco Cloud Web Security, page 8-6
•
Monitoring Cloud Web Security, page 8-14
•
Examples for Cisco Cloud Web Security, page 8-15
•
History for Cisco Cloud Web Security, page 8-19
Information About Cisco Cloud Web Security
When you enable Cloud Web Security on the ASA, the ASA transparently redirects selected HTTP and
HTTPS traffic to the Cloud Web Security proxy servers based on service policy rules. The Cloud Web
Security proxy servers then scan the content and allow, block, or send a warning about the traffic based
on the policy configured in Cisco ScanCenter to enforce acceptable use and to protect users from
malware.
The ASA can optionally authenticate and identify users with Identity Firewall and AAA rules. The ASA
encrypts and includes the user credentials (including usernames and user groups) in the traffic it redirects
to Cloud Web Security. The Cloud Web Security service then uses the user credentials to match the
traffic to the policy. It also uses these credentials for user-based reporting. Without user authentication,
the ASA can supply an (optional) default username and group, although usernames and groups are not
required for the Cloud Web Security service to apply policy.
You can customize the traffic you want to send to Cloud Web Security when you create your service
policy rules. You can also configure a “whitelist” so that a subset of web traffic that matches the service
policy rule instead goes directly to the originally requested web server and is not scanned by Cloud Web
Security.
You can configure a primary and a backup Cloud Web Security proxy server, each of which the ASA
polls regularly to check for availability.
•
User Identity and Cloud Web Security, page 8-2
•
Summary of Contents for ASA 5508-X
Page 11: ...P A R T 1 Access Control ...
Page 12: ......
Page 157: ...P A R T 2 Network Address Translation ...
Page 158: ......
Page 233: ...P A R T 3 Service Policies and Application Inspection ...
Page 234: ......
Page 379: ...P A R T 4 Connection Management and Threat Detection ...
Page 380: ......