I would like to create a policy on my WSA that will allow a specific device(s) access to the internet (*.*) without any filtering or authentication. I can create an identity and link it to a policy. Using a sub-net restriction it seems like I should be able to restrict the access to this policy to a specific IP address or very small sub-net of addresses (/30 or /32). The device(s) that reside within these sub-nets are proxy aware but cannot authenticate to the internet and I do not have a list of websites or domains they may attempt to access. I have not had any luck using a regular expression but I am open to any suggestions or ideas.
Make sure this Identification profile is above any that require authentication.
I don't have a huge stack of access policies, we just use the Global...
My Identification Profile looks like this:
Ken, My policy looks almost exact. My issue really is allowing the *.* for this identity to access and give it a free pass to the internet. I cannot find a way to define *.* for the access.
OK, I think I was overthinking this. I can now get to the internet without authentication but I am unable to access any website that is HTTPS like Google. I am not running HTTPS decryption.
Taking a guess here: On the access policy, click "protocols and user agents", select "Define Custom settings" and make sure the protocols are all unchecked (checking them here blocks that protocol).
Ken, It did not make a difference. I have a test appliance running https and it seems to work properly. That is strange that it will not work without https enabled.
Create an access policy, set the ID profile to be the one with the IPs, set URL/Applications/objects etc to Allow/Monitor...
OR if you don't care to see the traffic in the WSA at all, and you're using WCCP, just put the IP ranges in the Bypass Settings under Web Security Manager...