09-18-2018 03:28 PM
Good Morning All
We have recently setup two Cisco S300V WSA (Virtual)
I have been advised that it's best practice to setup a "Custom and External URL Categories" for Office365 where Authentication bypass is set. This is complete and working.
My problem is when we run monthly reporting on user bandwidth usage - The reporting is showing 90% IP addresses. When speaking to Cisco TAC, they advise this is because the main traffic is non Authenticated traffic (office365.com). Does anyone else have this problem when it comes to reporting? I can't provide people with a list of IP addresses as user bandwidth usage.
I'm also concerned what would happen if I removed office365.com from the bypass list.
Does anyone else do user reporting?
09-18-2018 07:11 PM
What Cisco TAC mentioned is correct, depends on your organisation policy, if all the users going to office 365 cloud for business, that will be most of the traffic in day to day operation.
how is other rules other than office365 ? how many rules in WSA ? How us your authentication against AD ?
09-18-2018 10:21 PM
Thanks for your reply.
The issue is the user report shows as IP addresses and not User (active directory names)
This is because the Office365 traffic is set as Auth Bypass and wont report as a "user"
So the top bandwidth is shown as IP addresses (of machines). I'm assuming if i remove the Auth bypass then traffic will show as users because each user would need to authenticate the traffic. Not sure if this would break other things setting Auth all Office traffic
09-19-2018 04:29 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide