User Guide

CREATING IDENTITIES
CHAPTER 7: IDENTITIES 139
Note — Each Identity group name must be unique.
4. In the Insert Above field, choose where in the policies table to place the Identity group.
When configuring multiple Identity groups, you must specify a logical order for each
group. Carefully order your Identity groups to ensure that correct matching occurs, and
position groups that do not require authentication above the first policy group that does
require authentication. For more information about how authentication affects Identity
groups, see “How Authentication Affects Identity Groups” on page 128.
5. In the Define Members by Subnet field, enter the addresses to which this Identity should
apply.
You can enter IP addresses, CIDR blocks, and subnets. Separate multiple addresses with
commas.
Note — If you do not enter an address in this field, the Identity group applies to all IP
addresses. For example, if you configure the Identity to require authentication, but do not
define any other settings, then the Identity acts similarly to the Default Identity Policy with
authentication required.
6. In the Define Members by Protocol section, choose to which protocols this Identity should
apply:
• All protocols. This option applies to all protocols the Web Security appliance
supports.
• HTTP/HTTPS only. This option applies to all requests that use HTTP or HTTPS as the
underlying protocol, including FTP over HTTP and any other protocol tunneled using
HTTP CONNECT.
• Native FTP only. This option applies to native FTP requests only.
Note — To match transparently redirected HTTPS transactions, the Identity must specify
“All protocols” instead of “HTTP/HTTPS.”
7. In the Define Members by Authentication section, choose whether or not this Identity
requires authentication. You can choose No Authentication Required or you can choose a
defined authentication realm or sequence.
8. If you choose an NTLM authentication realm or sequence that contains an NTLM
authentication realm, you can choose the authentication scheme in the Scheme field.
Note — You can specify individual authenticated users or groups of users when you use
the Identity in a different type of policy group. For more information, see “Configuring
Identities in Other Policy Groups” on page 142.
9. If this Identity requires authentication, you can grant access to users who fail
authentication due to invalid credentials.
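
The ordering, membership, and protocol notes in steps 4 through 6 can be checked before the table is entered in the appliance. The following script is an added example, not part of this guide or the appliance software; the field names, realm name, and sample rows are hypothetical, and it assumes the subnet field holds only single IP addresses and CIDR blocks.

```python
import ipaddress

# Constructed sample: an ordered Identity table, top row first. Field names and
# the realm name are hypothetical, not the appliance's configuration format.
SAMPLE = [
    {"name": "Printers", "subnets": "10.1.5.0/24, 10.1.6.20",
     "protocols": "All protocols", "auth": None},
    {"name": "Staff", "subnets": "",
     "protocols": "HTTP/HTTPS only", "auth": "CorpNTLM"},
    {"name": "Kiosks", "subnets": "10.2.0.0/16",
     "protocols": "All protocols", "auth": None},
    {"name": "Staff", "subnets": "10.3.0.0/33",
     "protocols": "Native FTP only", "auth": "CorpNTLM"},
]

def parse_members(field):
    """Split the comma-separated member field into ip_network objects."""
    return [ipaddress.ip_network(part.strip(), strict=False)
            for part in field.split(",") if part.strip()]

def lint_identities(table, transparent_https=False):
    """Return (position, name, finding) tuples for an ordered Identity table."""
    findings, seen, first_auth = [], set(), None
    for pos, ident in enumerate(table, start=1):
        name = ident["name"]
        if name in seen:                      # names must be unique
            findings.append((pos, name, "duplicate-name"))
        seen.add(name)
        try:
            if not parse_members(ident["subnets"]):
                # empty field: the Identity applies to all IP addresses
                findings.append((pos, name, "applies-to-all-addresses"))
        except ValueError:                    # malformed address or prefix
            findings.append((pos, name, "bad-address"))
        if ident["auth"] is not None:
            if first_auth is None:
                first_auth = pos
        elif first_auth is not None:
            # no-auth group placed below the first group that requires auth
            findings.append((pos, name, "no-auth-below-auth"))
        if transparent_https and ident["protocols"] == "HTTP/HTTPS only":
            # transparently redirected HTTPS needs "All protocols" to match
            findings.append((pos, name, "misses-transparent-https"))
    return findings

if __name__ == "__main__":
    for finding in lint_identities(SAMPLE, transparent_https=True):
        print(finding)
```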