
WSA configuration

tusharsurve
Level 1

Hi Team,

I have been testing WSA with Async version 12.5.5.

We have integrated AD authentication and configured SSL inspection on WSA.

We would like to know how we can configure the below settings in WSA:

1. Geo location based restriction for users connecting to specific countries.

2. Tenant restriction for Office 365 (as per the document we can configure it on the latest Async version 14); checking for the same in version 12.

3. Application based caching, like Microsoft applications (Office 365), should be retrieved faster through WSA.

4. Blocking upload of files on web.

5. How to integrate remote users on the internet to route their traffic through WSA.

 


psayafan
Cisco Employee

Hi,

1) There is no ability to restrict users based on their country.

2-3) According to the Microsoft suggestion, Office 365 traffic should bypass.

Microsoft 365 network connectivity principles - Microsoft 365 Enterprise | Microsoft Learn

4) I'm not sure I'm getting your point.

5) Which users? Are they working at your company? Are they just clients of an ISP? Are they your friends? (going deep)

tusharsurve
Level 1

Hi,

Thanks for the reply.

Let me elaborate the requirement

Point 1. We want to block the destination based on geo location through the proxy, the same way we can do it on a firewall: block the traffic to particular countries.

Point 4. We want to block or restrict uploads on applications like Google Drive or OneDrive or any other cloud applications.

Point 5. Roaming users are those users who are not behind the corporate network.

Thanks in advance for your help.

Konstantinos9
Cisco Employee

Hi,

Regarding Geo location, unfortunately WSA does not offer controls based on the country destination.

You can limit / inspect file uploads in multiple ways. You can use the Application control (AVC) under your access policies (AP), where you have the options to limit and inspect web applications. You can set controls, for example, to allow viewing and downloading files from some cloud services while blocking the uploads. The other way would be to use the Cisco Data Security policy controls, where you can choose which file types to block while uploading. Please keep in mind that both of these features require that you first decrypt the traffic for full visibility.

Konstantinos9_1-1677587590245.png

From Cisco Data Security, under Content -> Block File types (it's only used for uploads). Below is an example of blocking MS Office files:

Konstantinos9_2-1677587702991.png

Regarding the remote users, those users will have to be connected to your corporate network via VPN to be able to go through the WSA. If you want or consider having different policies for those remote users, you can use the identification profiles and define these clients based on the VLANs they are connected to via VPN.

Regarding O365 tenant restrictions, I see the functionality you're asking for is only available on Version 14.

Hope the above are helpful. Let me know if you have any further concerns.

Kind regards,

Konstantinos
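
Added example, not part of the thread and not Cisco or Microsoft code: the Office 365 bypass suggested in the first reply and the tenant restrictions mentioned in the last reply pull in opposite directions, because tenant restriction headers can only be inserted on sign-in traffic that still reaches the proxy. The PAC sketch below assumes clients use an explicit proxy; the proxy address, the `contoso` tenant name and the short bypass list are placeholders, and the authoritative endpoint list is the one Microsoft publishes.

```javascript
// Added example: PAC logic for explicit-proxy clients. Host lists and proxy address are assumptions.
var PROXY = "PROXY wsa.example.internal:3128"; // placeholder WSA listener

// Sign-in hosts listed in Microsoft's tenant restrictions documentation.
// They must traverse the proxy, which is where the restriction headers are inserted.
var LOGIN_HOSTS = ["login.microsoftonline.com", "login.microsoft.com", "login.windows.net"];

// Illustrative subset of Microsoft 365 "Optimize" hosts; "contoso" is a placeholder tenant.
var DIRECT_HOSTS = ["outlook.office.com", "outlook.office365.com",
                    "contoso.sharepoint.com", "contoso-my.sharepoint.com"];

// Lower-case the host and drop the trailing dot of a fully qualified name.
function normalize(host) {
  host = String(host).toLowerCase();
  if (host.charAt(host.length - 1) === ".") {
    host = host.substring(0, host.length - 1);
  }
  return host;
}

// Exact match only: suffix or substring matching would also bypass
// lookalike names such as "outlook.office.com.example.net".
function inList(host, list) {
  for (var i = 0; i < list.length; i++) {
    if (host === list[i]) return true;
  }
  return false;
}

function FindProxyForURL(url, host) {
  host = normalize(host);
  // Checked first so a later, broader bypass entry cannot pull sign-in traffic off the proxy.
  if (inList(host, LOGIN_HOSTS)) return PROXY;
  if (inList(host, DIRECT_HOSTS)) return "DIRECT";
  // Everything else stays on the proxy for decryption, AVC and Data Security policy.
  return PROXY;
}
```

Uploads to the bypassed hosts are no longer seen by the AVC or Data Security controls described above, so the bypass list should stay as short as the performance requirement allows.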