Cisco Web Security Appliance S670 User Guide

AsyncOS 9.1 for Cisco Web Security Appliances User Guide
 
Chapter 3      Connect the Appliance to a Cisco Cloud Web Security Proxy
Identification Profiles and Authentication with Cloud Web Security Connector
The Cloud Web Security Connector supports basic authentication and NTLM. You can also bypass 
authentication for certain destinations.
In Cloud Connector mode, using an Active Directory realm, you can identify transaction requests as 
originating from specific machines. The Machine ID service is not available in standard mode.
With two exceptions, authentication works the same throughout the Web Security Appliance, whether in standard configuration or Cloud Connector configuration. Exceptions:
- The Machine ID service is not available in standard mode.
- AsyncOS does not support Kerberos when the appliance is configured in Cloud Connector mode.
Note: Identification Profiles based on User Agent or Destination URL are not supported for HTTPS traffic.
Related Topics
Identifying Machines for Policy Application
By enabling the Machine ID service, AsyncOS can apply policies based on the machine that made the 
transaction request rather than the authenticated user or IP address or some other identifier. AsyncOS 
uses NetBIOS to acquire the machine ID.
Before You Begin
Be aware that the machine identity service is only available through Active Directory realms. If you 
do not have an Active Directory realm configured, this service is disabled.
Step 1  Select Network > Machine ID Service.
Step 2  Click Enable and Edit Settings.
Step 3  Configure Machine Identification settings:
Setting                                      Description
Enable NetBIOS for Machine Identification    Select to enable the machine identification service.
Realm                                        The Active Directory realm to use to identify the machine that is initiating the transaction request.
Failure Handling                             If AsyncOS cannot identify the machine, should it drop the transaction or continue with policy matching?