cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
852
Views
5
Helpful
2
Replies

Identify Users with OS below Win7

spacemeb
Level 1
Level 1

Hello,

We need to identify via WSA the users that are using Windows 7 or below in order to block these systems from going to the internet.

Do you have any ideas how to do that? I think that the user-agent usually reveals that information but I am not certain if there is any way to specify that for everything below windows 7 and including win7.

Thanks a lot!

1 Accepted Solution

Accepted Solutions

amojarra
Cisco Employee
Cisco Employee

Hi , 

you can block by User agent

 

How to Block Unknown Applications on Secure Web Appliance - Cisco

 

 

To see the user agents that the client is using when accessing internet through WSA, you can add "%u" in the Custom Fields of the Access Policy Logs Subscription and you can see those information from the Access Logs of the appliance.

To add the custom fields in the access logs to see the user agent:

* Log in to the Web GUI of WSA
* Go to System Administration
* Go to Logs Subscriptions
* Go to Accesslogs
* Under Custom Fields (optional) text box, put %u to see the user agents in the access logs
* Submit and Commit

To see access logs of the WSA:

Here are the steps to take the access logs:

1)Connect to the device using CLI and enter the command grep
2)Enter the number of the log you wish to grep: 1 (for accesslogs)
3) Enter the regular expression to grep: <local IP>(IP of the client machine)
4) Do you want this search to be case insensitive?: Y
5) Do you want to tail this log?: Y
6) Do you want to paginate the output?: N
7)Visit the URL via a browser


To create An Identity based on specific user agent:

* Log in to the Web GUI of WSA
* Go to Web Security Manager
* Go to Identities
* Click on Add Identity
* Put the name of the new Identity
* Under 'Advanced' go to User Agents link
* Under Custom User Agents text box, put Windows NT 5.1 as the user agent
* Under Match User Agents, select Match the selected user agent definitions
* Click Done button
* Submit and Commit

 

 

 

+++++++++++++++++++++++++++++++++++++++++++++++++++

++++   If you find this answer helpful, please rate it as such  ++++

+++++++++++++++++++++++++++++++++++++++++++++++++++

 

Regards,
Amirhossein Mojarrad
+++++++++++++++++++++++++++++++++++++++++++++++++++
++++ If you find this answer helpful, please rate it as such ++++
+++++++++++++++++++++++++++++++++++++++++++++++++++

View solution in original post

2 Replies 2

spacemeb
Level 1
Level 1

Anyone? 

amojarra
Cisco Employee
Cisco Employee

Hi , 

you can block by User agent

 

How to Block Unknown Applications on Secure Web Appliance - Cisco

 

 

To see the user agents that the client is using when accessing internet through WSA, you can add "%u" in the Custom Fields of the Access Policy Logs Subscription and you can see those information from the Access Logs of the appliance.

To add the custom fields in the access logs to see the user agent:

* Log in to the Web GUI of WSA
* Go to System Administration
* Go to Logs Subscriptions
* Go to Accesslogs
* Under Custom Fields (optional) text box, put %u to see the user agents in the access logs
* Submit and Commit

To see access logs of the WSA:

Here are the steps to take the access logs:

1)Connect to the device using CLI and enter the command grep
2)Enter the number of the log you wish to grep: 1 (for accesslogs)
3) Enter the regular expression to grep: <local IP>(IP of the client machine)
4) Do you want this search to be case insensitive?: Y
5) Do you want to tail this log?: Y
6) Do you want to paginate the output?: N
7)Visit the URL via a browser


To create An Identity based on specific user agent:

* Log in to the Web GUI of WSA
* Go to Web Security Manager
* Go to Identities
* Click on Add Identity
* Put the name of the new Identity
* Under 'Advanced' go to User Agents link
* Under Custom User Agents text box, put Windows NT 5.1 as the user agent
* Under Match User Agents, select Match the selected user agent definitions
* Click Done button
* Submit and Commit

 

 

 

+++++++++++++++++++++++++++++++++++++++++++++++++++

++++   If you find this answer helpful, please rate it as such  ++++

+++++++++++++++++++++++++++++++++++++++++++++++++++

 

Regards,
Amirhossein Mojarrad
+++++++++++++++++++++++++++++++++++++++++++++++++++
++++ If you find this answer helpful, please rate it as such ++++
+++++++++++++++++++++++++++++++++++++++++++++++++++