10-25-2011 06:10 AM
Hi,
I've managed to add an Identity ldap and an Access Policy that requires authentication of Members in the group cn=internet.
If a User is NOT in group cn=internet but exists in LDAP, the User is getting Internet access. I need to disable Internet Access to all Users NOT in Group cn=internet.
Trace is: DETAILS: DefaultGroup "Access"
How do I disable Access for the DefaultGroup? I can't find a DefaultGroup anywhere.
Thank You
Uli
10-25-2011 07:57 AM
Go to the Global Policy in Web Security Manager>Access Policies and set it to block everything, then above that create a policy for group cn=Internet that allows internet users to go wherever they're allowed...
Edit: That will cause a little havoc with stuff that doesn't usually authenticate (Outlook, Windows Activation stuff, etc.), so plan for that...
10-25-2011 11:30 PM
This is a change from Bluecoat to Ironport, we already have the authentication Stuff configured.
Access Group noAuth and added the CustomURLs. There's a little cosmetic issue. There is an Error Message Proxy_Auth_Required. I'd like the user to see that instead of something like 'Your request has been blocked by Company Rules'.
10-31-2011 12:48 PM
Hmm, I see what you mean...
I think you'll need something like this:
In Access Policies:
non auth agents (Outlook/Windows activation, etc...) --> allowed
authed users in cn=Internet group --> allowed
authed users not in group --> blocked
Global policy --> everything blocked
Go to Network/Authentication and set "Action if Authentication Service Unavailable" to Permit
Go to Web Security Manager/Identities, and in the Global Identity Policy, turn on Guest Privileges.
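The policy ordering listed in the last reply, as an added example that is not part of the thread and not Cisco's implementation: a simplified Python model of top-down, first-match evaluation, comparing the original setup (global policy allows) with the proposed table (global policy blocks). Request fields, user-agent strings and sample users are constructed assumptions.

```python
# Simplified model of top-down, first-match access policy evaluation.
# Policy names, request fields and sample data are illustrative only.
NO_AUTH_AGENTS = ("Microsoft Office", "Windows-Update-Agent")  # constructed

def is_noauth_agent(req):
    # Clients that cannot answer a proxy authentication challenge.
    return req["user"] is None and req.get("agent", "").startswith(NO_AUTH_AGENTS)

def in_internet_group(req):
    return req["user"] is not None and "cn=internet" in req["groups"]

def authed_not_in_group(req):
    return req["user"] is not None and "cn=internet" not in req["groups"]

def match_all(req):
    return True

# Setup from the first post: one group policy, global policy still allows.
ORIGINAL = [
    ("cn=internet members", in_internet_group, "allow"),
    ("Global Policy", match_all, "allow"),
]

# Ordering from the last reply: explicit rows first, global policy blocks.
PROPOSED = [
    ("noAuth agents", is_noauth_agent, "allow"),
    ("cn=internet members", in_internet_group, "allow"),
    ("authed, not in group", authed_not_in_group, "block"),
    ("Global Policy", match_all, "block"),
]

def evaluate(table, req):
    """Return (policy name, action) of the first row that matches."""
    for name, match, action in table:
        if match(req):
            return name, action
    raise ValueError("table must end with a catch-all global policy")

# Constructed sample requests.
ALICE = {"user": "alice", "groups": ["cn=internet"], "agent": "Mozilla/5.0"}
BOB = {"user": "bob", "groups": ["cn=staff"], "agent": "Mozilla/5.0"}
OUTLOOK = {"user": None, "groups": [], "agent": "Microsoft Office/14.0"}
UNKNOWN = {"user": None, "groups": [], "agent": "curl/7.21"}

if __name__ == "__main__":
    for label, req in [("alice", ALICE), ("bob", BOB),
                       ("outlook", OUTLOOK), ("unknown", UNKNOWN)]:
        print(label, evaluate(ORIGINAL, req), evaluate(PROPOSED, req))
```

Running it shows the reported behaviour: the LDAP user outside cn=internet falls through to the global policy and is allowed in the original table, and is blocked by an explicit row in the proposed one.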