In what order are Access Policies and Identities processed on the Cisco Web Security Appliance (WSA)
Environment: Cisco Web Security Appliance (WSA), all versions of AsyncOS
Access Policies and Identities are processed in a specific order on the WSA. The WSA evaluates the identities and access policies using a "top down" rule processing approach. This means that the WSA checks identities or access policies in a "top > down" fashion and the first match that ismade, at any point in the processing, results in the action taken by the WSA.
Additionally, identities are evaluated first. Once a client's access matches a specific identity, the WSA checks all access policies that are configured to use the identity that matched the client's access.