cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
710
Views
0
Helpful
1
Replies

Configuring Application Visibility and Control from SMA CLI

Frank M
Level 1
Level 1

Hi All,

           I'm very new to world of Ironport, so please forgive my stupidity (ironport related or otherwise!).

We're currently suffering from from THIS bug on our SMA appliance, that's managing our WSA devices. I need to enable a block of Flash video on the WSA devices and was wondering if it was possible to configure this via the CLI on the SMA? I've got a work around in place blocking the flash related MIME types, but it's not able to block content delivered via HTTPS, so not a comprehensive block, which I believe AVC is capable of. 

Does anyone have any experience configuring AVC this way? Removing the centralized configuration from the SMA is my last option. 

Thanks,

Frank

1 Reply 1

Handy Putra
Cisco Employee
Cisco Employee

If the application is part of AVC and if the traffic that is using is HTTPS, you will need to enable decrypt for application detection in the WSA GUI -> Security Services -> HTTPS proxy -> Decrypt for Application Detection.

Other wise WSA unable to inspect the application signature and perform granular action for it since still been encrypted.

This will need to be enabled individually in WSA since this is a global setting of WSA, while SMA appliance only manage policies level (all setting in the "Web Security Manager" tab in WSA).

Once decrypted, you then can set the action from the access policy (which you can do this from SMA appliance)

Hope this helps.