Solved: Cisco IronPort Data Security Policy

Sergey Kikilo · ‎09-27-2013

Hello.

How can I enable Cisco IronPort Data Security Policy in WSA?

Actions, which are described in User Guide (Enable the Cisco IronPort Data Security Filters and Create and Configure Data Security Policy groups) gives nothing –content blocking isn't working.

Thanks for answers.

Vance Kwan · ‎09-30-2013

Just to clarify, are you trying to block a download? If you are trying to block a download, you will need to do so in the Access Policies.

The Ironport Data Security policies are for Uploads only.

-Vance

View solution in original post

Vance Kwan · ‎09-29-2013

The Ironport Data Security Policy will not apply unless the POST/PUT request payload is => 4096 bytes by default.

You may change the default setting of 4096 bytes by SSH'ing to the WSA. In the CLI, use the command 'datasecurityconfig' (no quotes).

Don't forget to 'commit' the change after you are done.

-Vance

Sergey Kikilo · ‎09-30-2013

Nothing changed. For example, I set the rule which blocks the audio file types (predefined group type), but user still can download the mp3 files. Their size is much greater than 4096 bytes.

Vance Kwan · ‎09-30-2013

Just to clarify, are you trying to block a download? If you are trying to block a download, you will need to do so in the Access Policies.

The Ironport Data Security policies are for Uploads only.

-Vance