10-25-2011 06:10 AM
Hi,
I've managed to add an Identity ldap and an Access Policy that requires authentication of Members in the group cn=internet.
If a User is NOT in group cn=internet but exists in LDAP, the User is getting Internet access. I need to disable Internet Access to all Users NOT in Group cn=internet.
Trace is: DETAILS: DefaultGroup "Access"
How do I disable Access for the DefaultGroup ? I can't find a DefaultGroup anywhere.
Thank You
Uli
10-25-2011 07:57 AM
Go to the Global Policy in Web Security Manager > Access Policies and set it to block everything, then above that create a policy for group cn=Internet that allows internet users to go wherever they're allowed...
Edit: That will cause a little havoc with stuff that doesn't usually authenticate (Outlook, Windows Activation stuff, etc.), so plan for that...
10-25-2011 11:30 PM
This is a change from Bluecoat to Ironport, we already have the authentication Stuff configured.
Access Group noAuth and added the CustomURLs. There's a little cosmetic issue. There is an Error Message Proxy_Auth_Required. I'd like the user to see that instead of something like 'Your request has been blocked by Company Rules'.
10-31-2011 12:48 PM
Hmm, I see what you mean...
I think you'll need something like this:
In Access Policies:
non auth agents (Outlook/Windows activation, etc...) --> allowed
authed users in cn=Internet group --> allowed
authed users not in group --> blocked
Global policy --> everything blocked
Go to Network/Authentication and set "Action if Authentication Service Unavailable" to Permit
Go to Web Security Manager/Identities, and in the Global Identity Policy, turn on Guest Privileges.