Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
451
Views
0
Helpful
1
Replies

Webproxy for guest access

saxenanitesh8522
Level 4
Level 4

‎01-15-2015 10:23 AM

Hi,

I have deployed web proxy in explicit mode with integration with Active directory.

When my users are authenticated they are getting the access to the internet as per the policies.

I want to know, if any guest user's come and try to access the internet he wont be a authenticated user hence there will be no access to rule.

 

Is there any way to create a guest access policy that if the user is not found in the AD but he should get access through the second policy.

I have seen there is a option for the guest but not sure how this works.

Labels:
0 Helpful
1 Reply 1

Handy Putra
Cisco Employee
Cisco Employee

‎02-17-2015 04:29 PM

Please see the user guide: http://www.cisco.com/c/dam/en/us/td/docs/security/wsa/wsa8-0/WSA_8-0-0_UserGuide.pdf and go to page 112 for "Granting Guest Access After Failed Authentication"

Basically when you create an Identity with authentication, tick the option for "Support Guest privileges if a user fails authentication.

Then ideally you will need to create 2 Access Policies using that Identity:

1. Access Policy that is using the authentication.
2. Access Policy that is using the same Identity and when you specify the Identity use and under "Authorized Users and Groups" select the "Guests (users failing authentication) then submit. (please note to put this second access policy under the authenticated access policy not place it before the authenticated access policy), after this you can specify the level of access for this access policy.

Hope this helps

0 Helpful
Customers Also Viewed These Support Documents