04-10-2012 01:06 PM
Dear responder,
I have some questions about the S-series Web Security IronPort. It would be appreciated if you could respond to them one by one.
1- Can the IronPort work independently if I buy it alone, put it on the edge of my network, connect the Internet to one of its ports and connect my local LAN switch to the other port?
2- If I can use it independently, can I use it in transparent proxy mode, not the explicit one, and make it sensitive to HTTP traffic to bring up the authentication page for new users who want to connect to the Internet?
3- Is there any authentication page in the IronPort, or do I have to connect to the IronPort to use the Internet, like a VPN connection, through an agent?
4- Assume that a user is currently logged in and wants to log out; is there any way to log out from the IronPort with a specific page for logging out?
5- Is there any local database available in the IronPort to create users?
6- Is there any option to define a RADIUS or LDAP server address as the user database to read when needed for authentication purposes?
Thank you so much.
Abraham
04-10-2012 02:36 PM
Good Afternoon Abraham,
In my answers I'll assume you'll get AsyncOS 7.5 for Web for your WSA.
1. This is "in-line" mode, and while the documentation doesn't specifically say you can't do this, it doesn't say you can either. The support on this is fuzzy. There are 2 supported ways to deploy a WSA: Transparent redirection (using WCCP or policy-based routing), or explicit mode, using settings in the browser, or PAC files.
2. If I understand your question, the answer is yes. With transparent redirection, you can force all HTTP traffic to the WSA, and require users to authenticate. You can force the users to enter a username and password, or it can happen automatically (see answer 3).
3. There are a few ways to handle authentication for your users:
- They can authenticate to the IronPort, which can do a lookup against your LDAP or Active Directory.
- It can transparently authenticate them if you're using Active Directory and a browser that supports it (IE, Firefox, Chrome).
- You can use the ADAgent (runs on a separate box), which scrapes the security logs from the AD domain controllers and passes authenticated users and their IP to the IronPort.
4. I'm not aware of a "logout" page.
5. There is a "local database" for administrative users, and you can use RADIUS for administrative users, but not for your regular users. (see answer 6)
6. Yes. You can use LDAP, Novell eDirectory, or Microsoft Active Directory for your users.
I hope that helps!
Ken