AsyncOS 9.1.2 for Cisco Email Security Appliances User Guide
Chapter 15 URL Filtering
Setting Up URL Filtering
Alert: SDS: Error Fetching Enrollment Certificate, page 15-11
Alert: SDS: Certificate Is Invalid, page 15-11
Certificates for URL Filtering Features
AsyncOS is designed to automatically deploy and update the certificates needed for communications
with cloud services used for URL filtering features. However, if for any reason the system is unable to
update these certificates, you will receive an alert that requires action from you.
Ensure that the appliance is configured to send you these alerts (System type, Warning severity). For
instructions, see Alerts, page 33-34.
If you receive an alert about an invalid certificate, contact Cisco TAC, which can provide the required
replacement certificate. For instructions to use the replacement certificate, see Manually Configuring a
Certificate for Communication with Cisco Web Security Services, page 15-13.
URL Filtering in Cluster Configurations
You can enable URL filtering at the machine, group or cluster level.
If URL filtering is enabled at machine level, URL whitelists can be configured at machine, group or
cluster level.
If URL filtering is enabled at group level, URL whitelists must be configured at group or cluster
level.
If URL filtering is enabled at cluster level, URL whitelists must be configured at cluster level.
The standard rules for clusters for Message Filters and Content Filters apply.
Creating Whitelists for URL Filtering
If you specify a global whitelist when configuring the URL Filtering feature, then URLs on the whitelist
are not evaluated for reputation or category for the purposes of anti-spam, Outbreak Filtering, or content
and message filtering. However, the messages that contain these URLs are still evaluated as usual by
anti-spam scanning and Outbreak Filters. You can also specify a URL whitelist in each URL Filtering
condition (rule) and action in content and message filters, to supplement the global URL whitelist.
To whitelist URLs from Outbreak Filtering generally, use the Bypass Domain Scanning option that you
configure on the Mail Policies: Outbreak Filters page. URL whitelists for URL filtering are similar to,
but independent of, Bypass Domain Scanning. For more information about that feature, see URL
Rewriting and Bypassing Domains, page 14-20.
There is no relationship between the URL filtering whitelists described in this section and the whitelist
used for sender reputation filtering based on SBRS score.
Before You Begin
Consider importing a list of URLs instead of creating one in the web interface. See Importing a URL
List, page 15-5.
Procedure
Step 1 Select Mail Policies > URL Lists.