Configure Cisco Cloud Web Security; Configure Communications With The Cloud Web Security Proxy Server - Cisco ASA Series Configuration Manual
Firewall cli, asa services module, and the adaptive security virtual appliance
Hide thumbs
Also See for ASA Series:
- Cli configuration manual (2164 pages) ,
- Getting started (31 pages) ,
- Mount and connect (12 pages)
Table of Contents
Advertisement
Configure Cisco Cloud Web Security
Configure Cisco Cloud Web Security
Before you configure Cloud Web Security, obtain a license and the addresses of the proxy servers you
will use. Also, generate your authentication keys. Learn more about at Cloud Web Security
http://www.cisco.com/go/cloudwebsecurity.
Use the following process to configure the ASA to redirect web traffic to Cloud Web Security.
Before You Begin
If you want to send user identity information to Cloud Web Security, configure one of the following on
the ASA:
•
•
If you want to use fully-qualified domain names (FQDN), such as www.example.com, you must
configure a DNS server for the ASA.
Procedure
Configure Communications with the Cloud Web Security Proxy Server, page
Step 1
(Optional.)
Step 2
Configure a Service Policy to Send Traffic to Cloud Web Security, page
Step 3
(Optional.)
Step 4
Configure the Cloud Web Security Policy, page
Step 5
Configure Communications with the Cloud Web Security Proxy Server
You must identify the Cloud Web Security proxy servers so that user web requests can be redirected
properly.
In multiple context mode, you must configure the proxy servers in the system context, then enable Cloud
Web Security per context. Thus, you can use the service in some contexts but not in others.
Before You Begin
•
•
Procedure
Step 1
Enter ScanSafe general-options configuration mode. In multiple context mode, do this in the system
context.
scansafe general-options
Example
Cisco ASA Series Firewall CLI Configuration Guide
8-6
Identity firewall (username and group).
AAA rules (username only)—See the legacy feature guide.
Identify Whitelisted Traffic, page
Configure the User Identity Monitor, page 8-13
You must configure a DNS server for the ASA to use fully-qualified domain names for the proxy
servers.
(Multiple context mode.) You must configure a route pointing to the Cloud Web Security proxy
servers in both the system context and the specific contexts. This ensures that the Cloud Web
Security proxy servers do not become unreachable in the Active/Active failover scenario.
Chapter 8
8-8.
8-14.
ASA and Cisco Cloud Web Security
8-6.
8-9.
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
