
User authentication in a transparent deployment

Xavier Lloyd
Level 1

Hi all,

Just wondering, if I don't want to have to change anything on my browser in terms of proxy settings, is there any way for me to set up IronPort so that I can build policies per user (with Active Directory)?

Basically I want policies as granular as possible and don't want to touch the end users. I want everything to be invisible to the end users.

Also, I just want to know if it can be done...you don't have to get into any gory details. If you can point me to a guide or something that can further explain it then it'd be good too. I checked the User Guide but I couldn't find anything =/

Thanks much!

Cheers,

Xavier


edadios
Cisco Employee

Hello Xavier,

The WSA processes the configuration from top > down, and will first try to match an identity. GUI > Web Security Manager > Identity.

Once it has found the identity, for HTTP, it will look for the access policy that applies to it > GUI > Web Security Manager > Access Policy.

So you configure an access policy, where you will be specifying the identity you previously configured, and further drill down to groups and even down to the user.

I hope this answers your query.

Regards,

Eric

Thanks Eric, I have another question

And the identities from the users can come from Active Directory? How does IronPort know that traffic coming from a particular IP address maps to a certain user?

Regards

Xavier

The users have to log in to the WSA. Either they get prompted, and have to type in their username and password, or you join your WSA to the domain, and it challenges them and the browser logs them in automatically (IE, and Firefox? some others...)

This is configured under Network > Authentication. The online help has a good bit about how to set it up...

Once you have that working there are some identities (based on user-agent) that you'll want to set up that don't require auth. There are threads here about that....

Ok cool, thanks much Ken!

I'll keep reading

Xavier
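
The evaluation order described in the replies above (an identity is matched top-down, then an access policy tied to that identity is selected, with a user-agent identity that skips authentication), sketched as a simplified model. This is an added example, not WSA code and not from any poster; the identity and policy names, subnet, users, groups and action labels are constructed, and the `challenge`, `no-identity` and `no-policy` outcomes are assumptions of the model.

```python
# Simplified model of top-down, first-match evaluation; not WSA code.
# Every name, subnet, group and user below is constructed for illustration.
from fnmatch import fnmatch
from ipaddress import ip_address, ip_network

# Identities, top to bottom: (name, subnet, user-agent glob, requires_auth)
IDENTITIES = [
    ("updaters-no-auth", "10.0.0.0/8", "*ExampleUpdater*", False),
    ("ad-users", "10.0.0.0/8", "*", True),
]
# Access policies, top to bottom: (name, identity, users, groups, action)
# An empty set means "any".
POLICIES = [
    ("updates-only", "updaters-no-auth", set(), set(), "allow-updates"),
    ("xavier", "ad-users", {"CORP\\xavier"}, set(), "allow-all"),
    ("finance", "ad-users", set(), {"Finance"}, "allow-business"),
    ("everyone-else", "ad-users", set(), set(), "allow-restricted"),
]


def match_identity(identities, src_ip, user_agent):
    """Return the first identity, top down, that fits the request."""
    for name, subnet, ua_glob, requires_auth in identities:
        if ip_address(src_ip) in ip_network(subnet) and fnmatch(user_agent, ua_glob):
            return name, requires_auth
    return None, False


def decide(src_ip, user_agent, user=None, groups=(),
           identities=IDENTITIES, policies=POLICIES):
    """Return (identity, policy, action) for one request."""
    ident, requires_auth = match_identity(identities, src_ip, user_agent)
    if ident is None:
        return None, None, "no-identity"
    if requires_auth and user is None:
        return ident, None, "challenge"  # client must authenticate first
    for name, pol_ident, users, grps, action in policies:
        if pol_ident != ident:
            continue
        if users and user not in users:
            continue
        if grps and not grps & set(groups):
            continue
        return ident, name, action  # first matching policy wins
    return ident, None, "no-policy"


if __name__ == "__main__":
    print(decide("10.1.2.3", "Mozilla/5.0"))
    print(decide("10.1.2.3", "Mozilla/5.0", "CORP\\ann", ["Finance"]))
    print(decide("10.1.2.3", "ExampleUpdater/1.0"))
```

With the two identities in the opposite order, the updater request matches `ad-users` first and is challenged, which is why the no-auth identity sits above the authenticating one in this model.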