Name: Cisco ASA Series
Brand: Cisco
Rating: 4 (1 reviews)

To Next Page

To Previous Page

CHAPTER

8-1

Cisco ASA Series Firewall CLI Configuration Guide

ASA and Cisco Cloud Web Security

Cisco Cloud Web Security (also known as ScanSafe) provides web security and web filtering services

through the Software-as-a-Service (SaaS) model. Enterprises with the ASA in their network can use

Cloud Web Security services without having to install additional hardware.

• Information About Cisco Cloud Web Security, page 8-1

• Licensing Requirements for Cisco Cloud Web Security, page 8-4

• Guidelines for Cloud Web Security, page 8-5

• Configure Cisco Cloud Web Security, page 8-6

• Monitoring Cloud Web Security, page 8-14

• Examples for Cisco Cloud Web Security, page 8-15

• History for Cisco Cloud Web Security, page 8-19

Information About Cisco Cloud Web Security

When you enable Cloud Web Security on the ASA, the ASA transparently redirects selected HTTP and

HTTPS traffic to the Cloud Web Security proxy servers based on service policy rules. The Cloud Web

Security proxy servers then scan the content and allow, block, or send a warning about the traffic based

on the policy configured in Cisco ScanCenter to enforce acceptable use and to protect users from

malware.

The ASA can optionally authenticate and identify users with Identity Firewall and AAA rules. The ASA

encrypts and includes the user credentials (including usernames and user groups) in the traffic it redirects

to Cloud Web Security. The Cloud Web Security service then uses the user credentials to match the

traffic to the policy. It also uses these credentials for user-based reporting. Without user authentication,

the ASA can supply an (optional) default username and group, although usernames and groups are not

required for the Cloud Web Security service to apply policy.

You can customize the traffic you want to send to Cloud Web Security when you create your service

policy rules. You can also configure a “whitelist” so that a subset of web traffic that matches the service

policy rule instead goes directly to the originally requested web server and is not scanned by Cloud Web

Security.

You can configure a primary and a backup Cloud Web Security proxy server, each of which the ASA

polls regularly to check for availability.

• User Identity and Cloud Web Security, page 8-2

• Authentication Keys, page 8-2

Cisco ASA Series Configuration Guide

Other manuals for Cisco ASA Series