06-23-2023 12:17 AM
Hi All,
Deployed an Anyconnect umbrella module for my onpremise and offpremise users to avail umbrella proxy features. Where i observing policy getting applied based on hostname of device and not on user base (abc@xyz.com). Please help how can i achieve user base policy using anyconnect agent.
06-23-2023 08:45 AM
I think there is an option in the security report dashboard that allows you to filter per computers, did you try that?
06-23-2023 08:51 AM
Hello! Will require more info, have you deployed the AD connector? If so are components all green?
Pre-req and how to integrate Umbrella with AD
https://docs.umbrella.com/deployment-umbrella/docs/1-ad-integration-setup-overview
06-25-2023 09:57 PM
Yes AD connectors are deployed and its functional also. But i have observed policy are getting applied using identity Roaming client and not AD user
06-26-2023 02:09 AM
1. Is it happening with the DNS policy, WEB policy or both? is this user the only one not being matched or all? was it working fine before?
2. Let's perform the following test: open the Policy tester and add as Identity the user and a domain that should be blocked, is the policy being matched the expected one?
3. Another test would be: to create a dummy DNS/WEB policy to match only that user and place it on top of the rack, adding a domain to be blocked. The takeaway of this test would be to see if there is any issue with that user/AD integration
06-26-2023 10:15 PM
1) It happening for both. And i believe Web policy first track User machine to match a policy. PFA snapshot and correct me if im wrong.
2) Tried but unless i add the user machine hostname policy doesnt work as expected.
3) Will do this and let you know.
06-27-2023 02:45 AM
Since this is happening with both DNS and WEB policies, let's focus on DNS, since it would be the first policy being enforced.
You are right, the AD user would be the first identity to be matched, both in DNS and WEB:
- Policy Precedence for DNS: https://docs.umbrella.com/umbrella-user-guide/docs/dns-policy-precedence
- Policy Precedence for WEB: https://docs.umbrella.com/umbrella-user-guide/docs/web-policy-precedence#match-an-identity
Regarding point 2, you mentioned it doesn't work as expected. Let's dig deeper, is the result of the policy tester the same as in reality?
06-29-2023 10:32 PM
Yes the result of the policy tester is the same as in reality.
06-30-2023 01:33 AM
Ok, the next step would be to create a dummy DNS policy to match only that AD user and place it on top of the policy rack, adding a domain to be blocked. The takeaway of this test would be to see if there is any issue with that user/AD integration. You may check as well if the policy tester result is the same as in reality.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide