05-20-2012 08:40 AM - edited 03-10-2019 07:06 PM
All,
We have a scenario where guests will be authenticated against the ISE or NAC Guest server, and customer will place an IronPort to provide web security, however, we can not find referentes whether IronPort can or cannot integrate with Guest Server, so that guests are not requested to be authenticated twice, one by the Guest Server, a one by the proxy. The idea is to keep it transparent for the guests with a single authentication.
Has anyone there implemented such scenario?
Thank you!
05-20-2012 11:57 PM
Unfortunately that is not a supported configuration scenario. SSO with IronPort is not supported.
05-21-2012 06:42 AM
I see. So, lets say we disable proxy authentication for the guest segment, can I still provide content filter for the segment, even though there is no proxy authentication? I assume customer will lose the reportinga and tracking granularity, but the scenario will work withou proxy authentication. This may be some sort of "man in the middle" only, but with content filter. Does it make sense?
Thank you!
05-22-2012 04:18 AM
Yes you can. Just configure the Ironport appliance in transparent mode with WCCP, but as you have said, you will loose user granularity.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: