This week we started getting problems from users being rejected by the Ironport S650. This was after correcting a misconfiguration that had the final policy allowing access instead of a global BLOCK access. What we found was that user's were sending the machine account instead of the user's AD account name. We did find some hits on allowing winupdate, etc that the machine apparently attempts on bootup and did that. We are still seeing the problem. One user especially, starts on wireless OK for <1hr, no access for 18 min. (timeout is 15 min) and the next request sends the machine name. User switches to a wired connection and sends AD user name. Then there is a 8 minute break and the user is sending the machine name again. This is happening for about 6 users out of 900. Is there anyway to get the Ironport to ignore machine accounts (no $@AD allowed?)
We are on 7.1.3-014 on the Ironport, AD is 2008R2. users are XP and Windows7
If you are able/willing to move to 7.5, there's a new feature that allows you to define a timeout value for how long the WSA uses the machine credentials. After the timeout, it prompts users to enter their own credentials. This is a way to work around Windows' NCSI feature. You can read about this feature/enhancement in the 7.5 release notes here:
And that references where you can read about the feature in the 7.5 user guide. (The “Working with Windows 7 and Windows Vista” section in the “Authentication” chapter of the Cisco IronPort AsyncOS for Web User Guide.)
We are happy to share changes to the Cisco Threat Grid support experience! Our customers have spoken, and we have listened! You want a single, streamlined, easy to access tool to open, view, and update your cases across Cisco Services. That tool is Cisco’...
Where can I find out how to integrate my Cisco products with Threat Response?
There are quick start guides and instructional videos to help you get set up with your Cisco products and the Cisco Threat Response platform.
Inviting all Security & Networking professionals! We want you to tell us what devices you use to do your work and its screen resolution. Your response will help us improve network and security management tools.
Click here to take the 5-minute s...
This guide is intended to show some nifty and powerful use cases that a lot of customers either want or don’t know they want. There are tons of other content out there for specific knobs or capabilities, but this is looking to be a more complete...