10-12-2016 03:18 AM
Hi Team,
We are working on a requirement of proxy wherein the customer has floated requirements which we need to comply with as mentioned here:
Blocking of single login in multiple devices.
Compatibility and Filtering for any device (on Company assets only) like Laptop computers (Windows & Mac), Apple iPhone/iPad, RIM Blackberry, Any Smartphone devices.
Real-time detection of phishing, botnets, vulnerability exploits.
Port wise website blocking/Allow.
If any Policy is modified by admin change notification should go to Manager for Approval.
Thanks & Regards,
Yogesh Madhekar
10-12-2016 05:15 PM
Hi,
- Blocking of single login in multiple devices.
Can you verify the above requirement further?
- Compatibility and Filtering for any device (on Company assets only) like Laptop computers (Windows & Mac), Apple iPhone/iPad, RIM Blackberry, Any Smartphone devices.
You can do this by identifying the traffic using the User Agent; you can then apply a certain action or policy when the traffic is from Laptop computers (Windows & Mac), Apple iPhone/iPad, RIM Blackberry, or any Smartphone devices.
- Real-time detection of phishing, botnets, vulnerability exploits.
Those threats should be picked up by the appliance scanning engines such as WBRS, Webroot, Sophos or McAfee.
- Port wise website blocking/Allow.
You can configure this from the Access Policies under "Protocols and User Agents" and put the port under HTTP CONNECT port if you want to allow that port; if not, it will automatically block (WSA only listens on 80/443 and FTP).
- If any Policy is modified by admin change notification should go to Manager for Approval.
I believe WSA does not have this option. There could be already a feature request open for this.
10-13-2016 03:12 AM
Hi Handy,
Thanks for the reply.
Regarding the first point, the customer has stated that the intention is to have the users log in with their user ID on only one of the devices at any point of time. Once the users are logged in, they shouldn't be able to log in using the same credentials from any other devices.
It is more like a NAC feature it seems but still appreciate any inputs on this.
Thanks & Regards,
Yogesh Madhekar
10-13-2016 06:25 AM
WSA won't do this... and if you're using more than one (HA, load balanced or WCCP), it has no mechanism to make sure the other WSAs know who logged in from where.
10-18-2016 11:54 PM
Hi Ken,
That means we can't restrict the user login to one single device and prevent the same credentials from being used on their other devices. It is a very handy feature for restricting the user to a single device use with WSA.
Is there any feature or enhancement request for the same?
Thanks & Regards,
Yogesh Madhekar
10-19-2016 07:24 AM
You, being a Cisco employee, would have better visibility to that than I do...
10-20-2016 04:34 AM
Hi Yogesh,
In the WSA, if you go to Network -> Authentication, you would get the option for "User Session Restrictions" (Prohibit an authenticated user from accessing the Internet from a different IP addresses). You can check the box to limit user access to multiple machines.
Thanks & Regards,
Kushagra Srivastava
Cisco PDI-TA
10-20-2016 05:01 AM
Hi Kushagra,
Thanks for the revert, have informed the same to the customer. Will update the discussion for any deviations for the same in customer response.
Thanks & Regards,
Yogesh Madhekar