Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3004
Views
0
Helpful
7
Replies

Create a policy on a WSA to allow *.* access

Dominick Converse
Level 1
Level 1

‎09-15-2015 10:18 AM

I would like to create a policy on my WSA that will allow a specific device(s) access to the internet (*.*) without any filtering or authentication. I can create an identity and link it to a policy. Using an sub-net restriction it seems like I should be able to restrict the access to this policy to a specific IP address or very small sub-net of addresses (/30 or /32). The device(s) that reside within these sub-nets are proxy aware but cannot authentication to the internet and I do not have a list of websites or domains they may attempt to access.I have not had any luck using a regular expression but I am open to any suggestions or ideas.

 

Thanks

Dominick

Labels:
0 Helpful
7 Replies 7

Ken Stieers
VIP
VIP

‎09-15-2015 10:31 AM

Make sure this Identification profile is above any that require authentication.

I don't have a huge stack of access policies, we just use the Global...

My Identification Profile looks like this:

 

0 Helpful

Dominick Converse
Level 1
Level 1
In response to Ken Stieers

‎09-15-2015 10:34 AM

Ken, My policy looks almost exact. My issue really is allowing the *.* for this identity to access and give it a free pass to the internet. I cannot find a way to define *.* for the access.

0 Helpful

Ken Stieers
VIP
VIP
In response to Dominick Converse

‎09-15-2015 10:40 AM

Do you mean the Access Policy?

 

0 Helpful

Dominick Converse
Level 1
Level 1
In response to Ken Stieers

‎09-15-2015 11:24 AM

ok, I think I was over thinking this. I can now get to the internet without authentication but I am unable to access any website that is HTTPS like google. I am not running HTTPS decryption.

0 Helpful

Ken Stieers
VIP
VIP
In response to Dominick Converse

‎09-15-2015 11:32 AM

Taking a guess here: On the access policy, click "protocols and user agents" , select "Define Custom settings" and make sure the protocols are all unchecked (checking them here blocks that protocol).

 

 

0 Helpful

Dominick Converse
Level 1
Level 1
In response to Ken Stieers

‎09-24-2015 08:25 AM

Ken, It did not make a difference. I have a test appliance running https and it seems to work properly. That is strange that it will not work without https enabled.

0 Helpful

Ken Stieers
VIP
VIP
In response to Dominick Converse

‎09-15-2015 10:48 AM

Create an access policy, set the ID profile to be the one with the IPs, set URL/Applications/objects etc to Allow/Monitor...

 

OR if you don't care to see the traffic in the WSA at all, and you're using WCCP,  just put the IP ranges in the Bypass Settings under Web Security Manager...

 

0 Helpful
Customers Also Viewed These Support Documents