Cisco ScanSafe Web Security
Cisco CWS – AnyConnect Web Security Deployment Guide
Supplemental tutorial: Fail-Open / Fail-Close
On the Advanced page, the Connection Failure Policy dropdown list defines whether the Web
Security agent will fail open or fail close in case it cannot communicate with any of the datacenter
proxies on the list.
If you select Fail Close, then the next line becomes available to select, and that determines how the
Web Security agent will behave if a captive portal is detected.
Figure 2.6
When Captive Portal is set to Fail Open, the user can access a captive portal (e.g. in a
hotel or an airport) without the agent intercepting the web traffic, which allows the user to authenticate.
Once the user has passed the captive portal and is granted internet access, the agent continues
to work in fail close mode, as set in the first dropdown list.
When the Connection Failure Policy is set to Fail Open, the Captive Portal setting will default to Fail
Open also, and will become unavailable for changing.