cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
989
Views
0
Helpful
4
Replies

User authentication in a transparent deployment

Xavier Lloyd
Level 1
Level 1

Hi all,

Just wondering, if I don't want to have to change anything on my browser in terms of proxy settings, is there any way for me to set up IronPort so that I can build policies per user (with Active Directory)?

Basically I want policies as granular as possible and don't want to touch the end users. I want everything to be invisible to the end users.

Also, I just want to know if it can be done...you don't have to get into any gory details. If you can point me to a guide or something that can further explain it then it'd be good too. I checked the User Guide but I couldn't find anything =/

Thanks much!

Cheers,

Xavier

1 Accepted Solution

Accepted Solutions

The users have to login to the WSA.  Either they get prompted, and have to type in their username and password, or you join your WSA to the domain, and it challenges them and the browser logs them in autmatcially (IE, and Firefox? some others...)

This is configured under Network > Authentication. The online help has a good bit about how to set it up...

Once you have that working there are some identities based on user-agent) that you'll want to set up that don't require auth.  There are threads here with about that....

View solution in original post

4 Replies 4

edadios
Cisco Employee
Cisco Employee

Hello Xavier,

The WSA process the configuration from top > down, and will first try to match an identity. GUI > Web Security Manager > Identity.

Once it found the identity, for http, it will look for access policy that applies to it > GUI > Web Security Manager > Access Policy . 

So you configure an access policy you, where you will be specifying the identity you previously configured, and further drill down to groups and even down to user.

I hope this answers your query.

Regards,

Eric

Thanks Eric, I have another question

And the identities from the users can come from Active Directory? How does IronPort know that traffic coming from a particular IP address maps to a certain user?

Regards

Xavier

The users have to login to the WSA.  Either they get prompted, and have to type in their username and password, or you join your WSA to the domain, and it challenges them and the browser logs them in autmatcially (IE, and Firefox? some others...)

This is configured under Network > Authentication. The online help has a good bit about how to set it up...

Once you have that working there are some identities based on user-agent) that you'll want to set up that don't require auth.  There are threads here with about that....

Ok cool, thanks much Ken!

I'll keep reading

Xavier