Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
708
Views
0
Helpful
4
Replies

[CWS] Hotspot capabilities

Go to solution
Marcel van Dorp
Level 1
Level 1

‎08-21-2015 05:13 AM - edited ‎03-08-2019 05:37 PM

All,

 

Currently trying to build a simple solution allowing us to maintain control over browse behaviour without user agents or whatever. CWS can do that for us since we use ISR G2's and we could just push the traffic to the service cloud on gateway level. For internal employees we will not require authentication since they come from a certain know segment listed in an ACL. No worries so far.

 

However we also want to keep control over internet usage by external guests on site. Still no problem but the management would like the user to be presented a simple terms and agreements form which they have to agree upon to get access. 

 

Can this be done with CWS? Could not explicitly find it on cisco.com and that would life make a lot easier. I'm aware that there are a lot of solutions available but we really try to limit the amount of different stuff we need for to deploy this.

 

Thanks,

Marcel

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Edan Mudachi
Cisco Employee
Cisco Employee
In response to Marcel van Dorp

‎08-21-2015 07:35 AM

Please see http://www.cisco.com/c/en/us/td/docs/security/web_security/scancenter/administrator/guide/b_ScanCenter_Administrator_Guide.pdf

 

Manging Policies starts on page 97.

 

Sincerely,

Edan Mudachi

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Edan Mudachi
Cisco Employee
Cisco Employee

‎08-21-2015 07:15 AM

Hi Marcel,

   If you have the ability to separate your guest wireless into a separate subnet then you can create a custom group in the portal to adhere to that subnet. Thereafter you can create a filter for all categories, and apply a WARN rule action to specifically that filter and group. One thing that might be of issue is making sure persistent cookies are enabled. You may run into an issue where the users are consistently prompted by the warn page if they do not have persistent cookies enabled.

 

Sincerely,

Edan Mudachi

0 Helpful

Go to solution
Marcel van Dorp
Level 1
Level 1
In response to Edan Mudachi

‎08-21-2015 07:23 AM

Hi Edan,

 

Sounds good. Yes, I've defined separate IP blocks for Guest and non-Guest users.

You might have any link with some sample config for a warn rule.

 

I'll request a trial and build a lab to play around.

 

Thanks.

0 Helpful

Go to solution
Edan Mudachi
Cisco Employee
Cisco Employee
In response to Marcel van Dorp

‎08-21-2015 07:35 AM

Please see http://www.cisco.com/c/en/us/td/docs/security/web_security/scancenter/administrator/guide/b_ScanCenter_Administrator_Guide.pdf

 

Manging Policies starts on page 97.

 

Sincerely,

Edan Mudachi

0 Helpful

Go to solution
Marcel van Dorp
Level 1
Level 1
In response to Edan Mudachi

‎08-21-2015 11:55 AM

Quickly glanced at that document, seems fairly simple.

Thanks Edan.

0 Helpful
Customers Also Viewed These Support Documents