Configuring Cloud Access Security Awareness

This section describes how to configure cloud access security awareness.

Prerequisites

Ensure that the service awareness signature database has been loaded on the FW and upgrade it to the latest version. For details on how to upgrade the service awareness signature database, see Update Center.

Context

The FW has a default cloud access security awareness profile named default. The default profile defines the default value for different behavior of each cloud app. The default profile cannot be modified or deleted.

When you reference a profile in a security policy, you can view the name of the default profile in the drop-down list. To view the configuration result, choose System > Configuration File Management. In Current Configuration, you can view that the security policy references the default profile, but the configuration information about the default profile is not displayed.

The FW supports user-defined profiles. You can set different actions for the behavior of each application to meet the fine-grained and differentiated control requirements.

Procedure

Choose Object > Security Profiles > Cloud Access Security Awareness.
Click Add.

Set the name and description of the cloud access security awareness profile.

Parameter	Description
Name	Name of the cloud access security awareness profile.
Description	Description of the cloud access security awareness profile. You can distinguish the functions of profiles by different descriptions.

Parameter

Description

Name

Name of the cloud access security awareness profile.

Description

Description of the cloud access security awareness profile.

You can distinguish the functions of profiles by different descriptions.

Configure actions for cloud applications.
Set actions for different behavior of cloud applications. The supported actions include:
- Allow: permits packets.
- Alert: permits packets and generates logs.
- Block: blocks packets and generates logs.
In addition, you can click Batch Application Behavior Configuration to set actions in batches by the behavior of cloud applications.
Click OK to complete the configuration of the cloud access security awareness profile.
Reference the cloud access security awareness profile in the security policy.
For details on how to configure the security policy, see Configuring a Security Policy.
Click Commit on the upper right of the web page to commit the security profile.
The configuration does not take effect immediately after you create or modify the profile. You must click Commit on the upper right of the interface to apply the configuration. To save time, you can commit the configuration after all operations on the profile are complete.

Follow-up Procedure

Check or release the reference between the security policy and profile.

To check for profile that is referenced by security policies, click View under References in the list of profile.
To release the reference between the security policy and profile, choose the security policy and click Release.

Click Release All, you can release all the references.