User is bypassing scansafe

jessicaday · ‎09-17-2018

I'm using Cisco ScanCenter "Scansafe", one user appears to be able to browse the internet without going through Scansafe. Their ipaddress is different to all of our other users.

Is there a way to check if any other users are affected by this.

Thanks !

Joel · ‎09-18-2018

If you're expecting all web traffic to hit Scansafe, anyone 'bypassing' would hit your perimeter device, that should log to a syslog server. If you have your firewall and that brings in AD details and rules based on user you might be able to determine what rules allow browsing and see if anyone else is hitting them.

How do you rollout the proxy to users? Via GPO? How has this user bypassed it?

jessicaday · ‎09-18-2018

Thanks Joel. I've got a call logged with our network support guys for them to advise how this gets applied, I think it is at firewall level (I don't think it is GPO).

The only funny thing that I've noticed is that the ipaddress of the client pc is at the very start of the range, so this could have been missed somewhere.