https://community.cisco.com/t5/web-security/using-web-tracking/m-p/2404239#M4316 <HTML><HEAD></HEAD><BODY><P>As long as the traffic to site is not by-passed in the WSA, it will be logged.</P><P>This also means it will show up in reporting.</P><P>If you do not see anything "blocked" in report for mr. X's traffic in the last two weeks, I'd assume he has been a good user <SPAN __jive_emoticon_name="happy" __jive_macro_name="emoticon" class="jive_macro jive_emote" src="https://community.cisco.com/4.5.4/images/emoticons/happy.gif"></SPAN></P><P></P><P>You can also use Policy Trace under System Administration menu in GUI, fill in the details and test to confirm if the site will be blocked by your policy.</P><P></P><P>Hope this helps.</P><P></P><P>- Donny</P></BODY></HTML> Tue, 28 Jan 2014 11:42:06 GMT donnylee 2014-01-28T11:42:06Z https://community.cisco.com/t5/web-security/using-web-tracking/m-p/2404238#M4315 <P>Been playing with Ironport for few month now, and still trying to understand the in and out. By looking at Web Tracking Results, how can I be so sure that the user X is successfully login to a website XYZ.com and able to jump from pages to pages with no problem. Clicking on the Display Details..., I can see more on the URL details and end with XYZ.com/.../members-login, XYZ.com/.../link/id/####, and XYZ.com/.../#.jpg. And under Disposition column, Allow is displayed for each website results. But the user X is saying the sub pages are "BLOCKED" and asking for access.</P><P></P><P>Without remoting user X computer, not knowing users member login, but I do know the web results showed up all allowed from Web Tracking for the last two weeks. Does that mean everthing is good? Is there another feature on Ironport that I can verify and say "Dude, nothing is blocked for this site!". Thank you for the help and educate me a little. <SPAN __jive_emoticon_name="happy" __jive_macro_name="emoticon" class="jive_macro jive_emote" src="https://community.cisco.com/4.5.4/images/emoticons/happy.gif"></SPAN></P> Wed, 22 Jan 2014 18:46:56 GMT https://community.cisco.com/t5/web-security/using-web-tracking/m-p/2404238#M4315 Shao-Yu Chen 2014-01-22T18:46:56Z https://community.cisco.com/t5/web-security/using-web-tracking/m-p/2404239#M4316 <HTML><HEAD></HEAD><BODY><P>As long as the traffic to site is not by-passed in the WSA, it will be logged.</P><P>This also means it will show up in reporting.</P><P>If you do not see anything "blocked" in report for mr. X's traffic in the last two weeks, I'd assume he has been a good user <SPAN __jive_emoticon_name="happy" __jive_macro_name="emoticon" class="jive_macro jive_emote" src="https://community.cisco.com/4.5.4/images/emoticons/happy.gif"></SPAN></P><P></P><P>You can also use Policy Trace under System Administration menu in GUI, fill in the details and test to confirm if the site will be blocked by your policy.</P><P></P><P>Hope this helps.</P><P></P><P>- Donny</P></BODY></HTML> Tue, 28 Jan 2014 11:42:06 GMT https://community.cisco.com/t5/web-security/using-web-tracking/m-p/2404239#M4316 donnylee 2014-01-28T11:42:06Z https://community.cisco.com/t5/web-security/using-web-tracking/m-p/2404240#M4317 <HTML><HEAD></HEAD><BODY><P>While using Policy Trace I have noticed something. I removed myself from an active directory group, but the Policy Trace still shows I am in that group. Where can I verify that the Ironport is synced with active directory?</P></BODY></HTML> Wed, 29 Jan 2014 17:57:17 GMT https://community.cisco.com/t5/web-security/using-web-tracking/m-p/2404240#M4317 Shao-Yu Chen 2014-01-29T17:57:17Z https://community.cisco.com/t5/web-security/using-web-tracking/m-p/2404241#M4318 <HTML><HEAD></HEAD><BODY><P>Depending on the surrogate type used, your IP address may still be recognized after you've been removed from AD.</P><P>You may check or flush yourself out from the surrogate list, this can be done from CLI mode using command authcache'</P><P>However, I personally find policy trace as a simulator, and I'd double-confirm by sending real traffic and check the access log to confirm if my policy is working correctly.</P></BODY></HTML> Wed, 29 Jan 2014 23:14:37 GMT https://community.cisco.com/t5/web-security/using-web-tracking/m-p/2404241#M4318 donnylee 2014-01-29T23:14:37Z