8-6
Cisco ASA Series Firewall CLI Configuration Guide
Chapter 8 ASA and Cisco Cloud Web Security
Configure Cisco Cloud Web Security
Configure Cisco Cloud Web Security
Before you configure Cloud Web Security, obtain a license and the addresses of the proxy servers you
will use. Also, generate your authentication keys. Learn more about at Cloud Web Security
http://www.cisco.com/go/cloudwebsecurity.
Use the following process to configure the ASA to redirect web traffic to Cloud Web Security.
Before You Begin
If you want to send user identity information to Cloud Web Security, configure one of the following on
the ASA:
• Identity firewall (username and group).
• AAA rules (username only)—See the legacy feature guide.
If you want to use fully-qualified domain names (FQDN), such as www.example.com, you must
configure a DNS server for the ASA.
Procedure
Step 1 Configure Communications with the Cloud Web Security Proxy Server, page 8-6.
Step 2 (Optional.) Identify Whitelisted Traffic, page 8-8.
Step 3 Configure a Service Policy to Send Traffic to Cloud Web Security, page 8-9.
Step 4 (Optional.) Configure the User Identity Monitor, page 8-13
Step 5 Configure the Cloud Web Security Policy, page 8-14.
Configure Communications with the Cloud Web Security Proxy Server
You must identify the Cloud Web Security proxy servers so that user web requests can be redirected
properly.
In multiple context mode, you must configure the proxy servers in the system context, then enable Cloud
Web Security per context. Thus, you can use the service in some contexts but not in others.
Before You Begin
• You must configure a DNS server for the ASA to use fully-qualified domain names for the proxy
servers.
• (Multiple context mode.) You must configure a route pointing to the Cloud Web Security proxy
servers in both the system context and the specific contexts. This ensures that the Cloud Web
Security proxy servers do not become unreachable in the Active/Active failover scenario.
Procedure
Step 1 Enter ScanSafe general-options configuration mode. In multiple context mode, do this in the system
context.
scansafe general-options
Example
To Next Page
Loading...
Need help?
General
