Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1445
Views
0
Helpful
1
Replies

IronPort WebSec and Blackberry BES server integration

endpoint
Level 1
Level 1

‎11-03-2011 03:15 PM

Hi,

We are looking to integrate our Blackberry BES users and IronPort Websec. Basically we would like to control blackberry users Internet browsing with IronPort web security device in the way that every blackberry users will be going thru IronPort while surfing the Internet using blackberry handheld devices. We don't want to see BES server's ip address in IronPort for every blackberry users reaching the internet; instead since we are on Windows AD, we should be able to apply websec policy based on AD group and username.

Does anyone have similar setup? Any issues and does it work as expected?

Thanks

Labels:
0 Helpful
1 Reply 1

Ken Stieers
VIP
VIP

‎11-13-2011 11:20 PM

I'm still fighting with mine, but I think its because my Blackberry is going straight to the net, not via MDS.

A couple things to keep in mind:

You'll need to use a different surrogate for stuff coming from the BES server.  Otherwise the WSA will map the IP to the first user that logs in. 

Create an identity based on the IP its coming from (the BES box) and pick a cookie surrogate so that when users are required to auth, there's something that "sticks"

Config the BES with a policy to force the handhelds to accept cookies.

0 Helpful
Customers Also Viewed These Support Documents