User is bypassing scansafe
09-17-2018 03:22 AM
I'm using Cisco ScanCenter "Scansafe". One user appears to be able to browse the internet without going through Scansafe. Their IP address is different to all of our other users.
Is there a way to check if any other users are affected by this?
Thanks!
09-18-2018 06:24 AM
If you're expecting all web traffic to hit Scansafe, anyone 'bypassing' would hit your perimeter device, which should log to a syslog server. If you have your firewall and it brings in AD details and rules based on user, you might be able to determine what rules allow browsing and see if anyone else is hitting them.
How do you roll out the proxy to users? Via GPO? How has this user bypassed it?
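
The syslog check suggested in the reply above, as an added example that is not part of the original thread: it scans perimeter-firewall connection logs for internal clients opening web connections directly rather than to the proxy. It assumes Cisco ASA-style 302013 "Built outbound TCP connection" messages; the client subnet, proxy address and log lines are constructed placeholders.

```python
import ipaddress
import re
from collections import defaultdict

# Assumed log format: Cisco ASA message 302013 (outbound TCP connection built).
BUILT = re.compile(
    r"%ASA-6-302013: Built outbound TCP connection \d+ for "
    r"\S+?:(?P<dst>[\d.]+)/(?P<dport>\d+) \([^)]*\) to "
    r"\S+?:(?P<src>[\d.]+)/\d+"
)
WEB_PORTS = {80, 443}
# Hypothetical values: substitute your own client subnet and proxy addresses.
CLIENT_NET = ipaddress.ip_network("10.20.0.0/24")
PROXY_ADDRS = {ipaddress.ip_address("198.51.100.10")}

# Constructed sample log lines (documentation address ranges only).
SAMPLE = [
    "Jan 01 2024 09:00:01 fw1 : %ASA-6-302013: Built outbound TCP connection 1001 for "
    "outside:198.51.100.10/443 (198.51.100.10/443) to inside:10.20.0.57/50112 (192.0.2.1/50112)",
    "Jan 01 2024 09:00:02 fw1 : %ASA-6-302013: Built outbound TCP connection 1002 for "
    "outside:203.0.113.80/443 (203.0.113.80/443) to inside:10.20.0.1/49833 (192.0.2.1/49833)",
    "Jan 01 2024 09:00:03 fw1 : %ASA-6-302013: Built outbound TCP connection 1003 for "
    "outside:203.0.113.25/80 (203.0.113.25/80) to inside:10.20.0.1/49840 (192.0.2.1/49840)",
    "Jan 01 2024 09:00:04 fw1 : %ASA-6-302013: Built outbound TCP connection 1004 for "
    "outside:203.0.113.53/25 (203.0.113.53/25) to inside:10.20.0.57/50200 (192.0.2.1/50200)",
]

def direct_web_clients(lines, client_net=CLIENT_NET, proxies=PROXY_ADDRS):
    """Map each client IP to the web destinations it reached without the proxy."""
    hits = defaultdict(set)
    for line in lines:
        m = BUILT.search(line)
        if not m or int(m["dport"]) not in WEB_PORTS:
            continue  # not a connection-built message, or not web traffic
        src = ipaddress.ip_address(m["src"])
        dst = ipaddress.ip_address(m["dst"])
        # A client in our subnet talking HTTP/HTTPS to anything but the proxy
        # is traffic that was not redirected.
        if src in client_net and dst not in proxies:
            hits[str(src)].add(f"{dst}:{m['dport']}")
    return {ip: sorted(dsts) for ip, dsts in hits.items()}

if __name__ == "__main__":
    for ip, dsts in direct_web_clients(SAMPLE).items():
        print(ip, "->", ", ".join(dsts))
```

Run against a full day of firewall logs, the returned keys are the list of clients to compare with the address range covered by the redirect rule.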
09-18-2018 06:40 AM
Thanks Joel. I've got a call logged with our network support guys for them to advise how this gets applied; I think it is at firewall level (I don't think it is GPO).
The only funny thing that I've noticed is that the IP address of the client PC is at the very start of the range, so this could have been missed somewhere.
