Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
850
Views
1
Helpful
3
Replies

Cisco WSA Transparent User Identification and RDS (Horizon)

AbdulRasheed66467
Level 1
Level 1

‎05-30-2022 05:47 AM

Dear All,

 

We are not using Cisco ISE or ASA. 

 

 

As I understand, the transparent user identification can be done using an Agent (the agent will pass the user-id to IP address mapping to the WSA). 

 

This is true for VDI users like VMware Horizon where each user will be given a dedicated VM as VDI desktop. Each VM will have its own IP address as well.

 

But when we use any Terminal Servers (like windows), how can we get the same user-id and IP address mapping. In this case more than one user users having the same IP address -We are not using Cisco ISE or ASA.  


Labels:
0 Helpful
3 Replies 3

balaji.bandi
Hall of Fame
Hall of Fame

‎05-30-2022 07:23 AM 

But when we use any Terminal Servers (like windows), how can we get the same user-id and IP address mapping. In this case more than one user users having the same IP address -We are not using Cisco ISE or ASA.

This is bit different how it works, there is some Limitation here.  what are you looking to with terminal server login users ?

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

AbdulRasheed66467
Level 1
Level 1
In response to balaji.bandi

‎05-30-2022 10:42 PM

Hello Balaji,

I am allowing this users to use hosted web browsers. I need to apply polices in the WSA based on the user logged in to the terminal servers.

 

 

0 Helpful

amojarra
Cisco Employee
Cisco Employee

‎05-30-2022 08:13 AM

kindly check page 134 : User Guide for AsyncOS 14.0 for Cisco Web Security Appliances - GD (General Deployment)

 

maybe Persistent Cookie Surrogate or • Session Cookie Surrogate will help you.

 

Please note that there are some limitations and concerns such as : 

 

 If you have configured the Identification Profiles to use different authentication surrogates(IPaddress, persistent cookie,session cookie, and so on), then the accessis authenticated using the IPaddresssurrogate even though the access matches Identification Profiles with other surrogates.  

 

 

+++++++++++++++++++++++++++++++++++++++++++++++++++

++++   If you find this answer helpful, please rate it as such  ++++

+++++++++++++++++++++++++++++++++++++++++++++++++++

Regards,
Amirhossein Mojarrad
+++++++++++++++++++++++++++++++++++++++++++++++++++
++++ If you find this answer helpful, please rate it as such ++++
+++++++++++++++++++++++++++++++++++++++++++++++++++
Customers Also Viewed These Support Documents