08-27-2013 12:57 AM
Hi all,
Our WSA is currently configured as using NTLM for authentication ie binding to our AD
Entire internal LAN/Subnets has to go thru authentication when surfing/going to the internet
I am having issue resolving hostname for machines who are not part of the domain
Scenario 1&2 is working fine, however Scenerio 3 is not acceptable.
Scenario1:- whichever machine signing in as AD User and is part of the domain: SINGLE SIGN ON (working)
Scenario2:- whichever machine part of domain but sign machine LOCALLY without AD: Prompt for AD username/password (working)
Scenario3:- Machine not part of domain does not know how to resolve WSA hostname(datawsa01) thus Internet does not work totally (unless we manually set each client pc to resolve wsa hostname)
What is the best practise for scenario 3? Given that all 1,2,3 scenarios are all sitting in the same subnet.
Please advise
08-27-2013 06:33 AM
Hi,
Are using explicit ot transparent proxy? Assuming you are using explicit, you'd be best off either sorting out the DNS resolution for the proxy, however if you have no control over the local DNS you could just use the IP address rather than the name.
Thanks
Chris
02-16-2014 07:38 PM
i am using transparent proxy,
So if i understand correct, you ar saying if id add DNS resolution to proxy it will work?
02-17-2014 07:32 AM
Hello,
With regards to the comments from above, the clients will need to be able to resolve the redirect hostname configured on the WSA. (WebGUI > Network > Authentication > edit global settings > redirect hostname (for SSO has to be the short hostname)). If the client is not a member of your domain then it will likely require a local host entry in order to process the redirect for authenticaiton used by the WSA.
Hope this helps.
Best Regards,
Michael Hautekeete
Customer Support Engineer
Cisco Content Security - Web Security Appliance
http://www.cisco.com/en/US/products/ps11169/serv_group_home.html
https://supportforums.cisco.com/community/netpro/security/web
https://supportforums.cisco.com/community/feeds?community=2091
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide