05-24-2022 02:40 AM
Hello,
We need to identify via WSA the users that are using Windows 7 or below in order to block these systems from going to the internet.
Do you have any ideas how to do that? I think that the user-agent usually reveals that information but I am not certain if there is any way to specify that for everything below windows 7 and including win7.
Thanks a lot!
Solved! Go to Solution.
05-26-2022 12:24 AM
Hi ,
you can block by User agent
How to Block Unknown Applications on Secure Web Appliance - Cisco
To see the user agents that the client is using when accessing internet through WSA, you can add "%u" in the Custom Fields of the Access Policy Logs Subscription and you can see those information from the Access Logs of the appliance.
To add the custom fields in the access logs to see the user agent:
* Log in to the Web GUI of WSA
* Go to System Administration
* Go to Logs Subscriptions
* Go to Accesslogs
* Under Custom Fields (optional) text box, put %u to see the user agents in the access logs
* Submit and Commit
To see access logs of the WSA:
Here are the steps to take the access logs:
1)Connect to the device using CLI and enter the command grep
2)Enter the number of the log you wish to grep: 1 (for accesslogs)
3) Enter the regular expression to grep: <local IP>(IP of the client machine)
4) Do you want this search to be case insensitive?: Y
5) Do you want to tail this log?: Y
6) Do you want to paginate the output?: N
7)Visit the URL via a browser
To create An Identity based on specific user agent:
* Log in to the Web GUI of WSA
* Go to Web Security Manager
* Go to Identities
* Click on Add Identity
* Put the name of the new Identity
* Under 'Advanced' go to User Agents link
* Under Custom User Agents text box, put Windows NT 5.1 as the user agent
* Under Match User Agents, select Match the selected user agent definitions
* Click Done button
* Submit and Commit
+++++++++++++++++++++++++++++++++++++++++++++++++++
++++ If you find this answer helpful, please rate it as such ++++
+++++++++++++++++++++++++++++++++++++++++++++++++++
05-25-2022 01:59 AM
Anyone?
05-26-2022 12:24 AM
Hi ,
you can block by User agent
How to Block Unknown Applications on Secure Web Appliance - Cisco
To see the user agents that the client is using when accessing internet through WSA, you can add "%u" in the Custom Fields of the Access Policy Logs Subscription and you can see those information from the Access Logs of the appliance.
To add the custom fields in the access logs to see the user agent:
* Log in to the Web GUI of WSA
* Go to System Administration
* Go to Logs Subscriptions
* Go to Accesslogs
* Under Custom Fields (optional) text box, put %u to see the user agents in the access logs
* Submit and Commit
To see access logs of the WSA:
Here are the steps to take the access logs:
1)Connect to the device using CLI and enter the command grep
2)Enter the number of the log you wish to grep: 1 (for accesslogs)
3) Enter the regular expression to grep: <local IP>(IP of the client machine)
4) Do you want this search to be case insensitive?: Y
5) Do you want to tail this log?: Y
6) Do you want to paginate the output?: N
7)Visit the URL via a browser
To create An Identity based on specific user agent:
* Log in to the Web GUI of WSA
* Go to Web Security Manager
* Go to Identities
* Click on Add Identity
* Put the name of the new Identity
* Under 'Advanced' go to User Agents link
* Under Custom User Agents text box, put Windows NT 5.1 as the user agent
* Under Match User Agents, select Match the selected user agent definitions
* Click Done button
* Submit and Commit
+++++++++++++++++++++++++++++++++++++++++++++++++++
++++ If you find this answer helpful, please rate it as such ++++
+++++++++++++++++++++++++++++++++++++++++++++++++++
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide