Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
532
Views
0
Helpful
2
Replies

CDA or AD Agent and Windows Update

Go to solution
Josh H
Level 1
Level 1

‎08-26-2015 05:25 AM

Hello, I have a question about the need for the CDA/AD Agent.  I understand they help resolve issues with applications which don't send username information, such as Windows Update by mapping IPs to usernames.  If I use CDA/AD Agent, will this allow Windows Update and similar programs to work without the need for special no-auth identities?  Currently I have these working with no-auth identities based on destination URLs now, but this is frustrating as I do not see the user traffic for these sites associated with their username in reports.  This is an explicit proxy environment using IP surrogates and no shared computing resources (no Citrix).

 

Thank you

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Atazazuddin Shaikh
Cisco Employee
Cisco Employee

‎08-26-2015 08:51 AM

Josh

 

Thanks for reaching out,  Short answer is yes with the CDA " Windows Update and similar programs to work without the need for special no-auth identities will work fine as long as their is a ip to username mapping exist on the WSA",  but if  any client machines are not part of the AD/Domain updates form those client will fail.  To deal with those machines we can enable "Guest" access as a fallback on the Identity.

 

Thanks

Zack

 

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Atazazuddin Shaikh
Cisco Employee
Cisco Employee

‎08-26-2015 08:51 AM

Josh

 

Thanks for reaching out,  Short answer is yes with the CDA " Windows Update and similar programs to work without the need for special no-auth identities will work fine as long as their is a ip to username mapping exist on the WSA",  but if  any client machines are not part of the AD/Domain updates form those client will fail.  To deal with those machines we can enable "Guest" access as a fallback on the Identity.

 

Thanks

Zack

 

0 Helpful

Go to solution
Josh H
Level 1
Level 1

‎08-26-2015 06:54 PM

Thank you for your prompt reply.  We are a very locked down environment and only intend to allow internet access for clients which are in AD.  We have Blue Coat today using the BCAAA AD agent and Windows Updates and similar programs work fine with it.  I had hoped to avoid an AD agent/CDA with WSA.  But knowing it will resolve my issue of applications which do not send identity information, I think it is worth the hassle of setting up.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents