You have configured a Cisco ESA with a URL Category action that redirects the URLs of adult content sites to the Cisco Cloud Web Security proxy service. You receive a report that users are successfully accessing some adult content sites from the company network. However, you are able to verify that known adult sites are being redirected.
Which of the following could be the problem? (Select the best answer.)
- You did not specify any text to replace the URL.
- You did not defang the URL so that it cannot be clicked.
- The connection to the Cisco Cloud Web Security proxy service timed out.
- The adult content sites being visited are uncategorized.
The problem could be that the adult content sites being visited are uncategorized if users are able to access some adult sites while other known adult sites are being redirected. The Cisco Email Security Appliance (ESA) supports Uniform Resource Locator (URL) filtering, which can be used to test the reputation of URL links in email messages or to compare the content of the URL to a list of categories of sites that violate company policy. By using URL filtering with URL categorization, it is possible to limit user access to a given site without relying on a blacklist of the site’s possible IP addresses.
There are three options for action when a link in an email message matches a given URL category or its reputation score falls within a specified range:
– Defang the URL – renders the URL unclickable, although the user can still copy and paste the URL
– Redirect the URL to the Cisco Cloud Web Security proxy service – redirects the URL to a proxy, which blocks the site if it is malicious and displays a message to the user
– Replace the URL with specific text or the URL to thirdparty proxy service – replaces the link in the original email message with specific warning text provided by the administrator or with a link that redirects to a thirdparty proxy service
You can also choose to apply any of those actions to sites that are not yet categorized in the URL database.
In this scenario, sites that fit into the adult URL category should be redirected to the Cisco Cloud Web Security proxy service. However, there is nothing in the scenario to indicate that sites that are uncategorized have been configured to redirect to the Cisco Cloud Web Security proxy service. Therefore, users will be connected to the links as they appear in the original email message.
The connection to the Cisco Cloud Web Security proxy service is not timing out in this scenario, because connections to some sites in the URL category are being redirected. If a connection to the Cisco Cloud Web Security proxy service times out, URL filtering will automatically allow the user to connect to the target site by using the link in the original email message. Therefore, known adult sites in this scenario would be accessible to users if the connection to the Cisco Cloud Web Security proxy service was timing out. You do not need to defang the URL. In this scenario, you have chosen to redirect adult site content to the Cisco Cloud Web Security proxy. In addition, you do not need to specify text to replace the URL.