Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
802
Views
0
Helpful
2
Replies

User is bypassing scansafe

jessicaday
Level 1
Level 1

‎09-17-2018 03:22 AM

I'm using Cisco ScanCenter "Scansafe", one user appears to be able to browse the internet without going through Scansafe.  Their ipaddress is different to all of our other users.

 

Is there a way to check if any other users are affected by this.

 

Thanks !

Labels:
0 Helpful
2 Replies 2

Joel
Level 1
Level 1

‎09-18-2018 06:24 AM

If you're expecting all web traffic to hit Scansafe, anyone 'bypassing' would hit your perimeter device, that should log to a syslog server. If you have your firewall and that brings in AD details  and rules based on user you might be able to determine what rules allow browsing and see if anyone else is hitting them.

How do you rollout the proxy to users? Via GPO? How has this user bypassed it?

 

 

 

 

 

0 Helpful

jessicaday
Level 1
Level 1
In response to Joel

‎09-18-2018 06:40 AM

Thanks Joel.  I've got a call logged with our network support guys for them to advise how this gets applied, I think it is at firewall level (I don't think it is GPO). 

 

The only funny thing that I've noticed is that the ipaddress of the client pc is at the very start of the range, so this could have been missed somewhere.

0 Helpful
Customers Also Viewed These Support Documents