
Scansafe issue with Cisco Ironports

cyberops123
Level 1

Hi

Currently we are using a Cisco Ironport 170 as our production proxy, and we send all our internal user traffic through the Ironports. For user laptops that are not connected to the VPN, Scansafe kicks in and handles the users' web traffic off the network. Recently we have been having issues where a client laptop connects to the internal network but still tries to go through Scansafe and gets blocked on the firewall, as we do not allow any internal traffic out other than from the Cisco Ironport. So my question is: how does Cisco Scansafe figure out whether they are in the internal network or off the network? I was told Scansafe tries to validate an SSL cert with the internal Ironport and, with that feedback, it kicks in or lets the Ironport handle web traffic.

Can someone give me an overview of how it works on and off the network with Cisco Ironport?

Scansafe is integrated with the Cisco AnyConnect client on user laptops, and there are a couple of settings where we can point to internal proxies so that user traffic goes over the Ironports.

Let me know if you have any opinion.

2 Replies

Umbrella uses AnyConnect's "Trusted Network" definition/detection. I suspect that the CWS/Scansafe client does too...

In the AnyConnect client you can specify that it verify a cert with the Ironport management interface to check whether the client is actually in the internal network. If this validation fails, Scansafe kicks in and handles the web proxy traffic.