
Create a policy on a WSA to allow *.* access

I would like to create a policy on my WSA that will allow a specific device(s) access to the internet (*.*) without any filtering or authentication. I can create an identity and link it to a policy. Using a sub-net restriction it seems like I should be able to restrict the access to this policy to a specific IP address or very small sub-net of addresses (/30 or /32). The device(s) that reside within these sub-nets are proxy aware but cannot authenticate to the internet and I do not have a list of websites or domains they may attempt to access. I have not had any luck using a regular expression but I am open to any suggestions or ideas.

 

Thanks

Dominick

Collaborator

Make sure this Identification profile is above any that require authentication.

I don't have a huge stack of access policies, we just use the Global...

My Identification Profile looks like this:

 

Ken, my policy looks almost exact. My issue really is allowing the *.* for this identity to access and give it a free pass to the internet. I cannot find a way to define *.* for the access.

Collaborator

Do you mean the Access Policy?

 

OK, I think I was overthinking this. I can now get to the internet without authentication but I am unable to access any website that is HTTPS like google. I am not running HTTPS decryption.

Collaborator

Taking a guess here: On the access policy, click "protocols and user agents", select "Define Custom settings" and make sure the protocols are all unchecked (checking them here blocks that protocol).

 

 

Ken, it did not make a difference. I have a test appliance running https and it seems to work properly. That is strange that it will not work without https enabled.

Collaborator

Create an access policy, set the ID profile to be the one with the IPs, set URL/Applications/objects etc to Allow/Monitor...

 

OR if you don't care to see the traffic in the WSA at all, and you're using WCCP, just put the IP ranges in the Bypass Settings under Web Security Manager...