Cisco Web Security Appliance S670 User Guide

AsyncOS 8.8 for Cisco Web Security Appliances User Guide
 
Chapter 6      Classify End-Users and Client Software
  Classifying Users and Client Software
Step 8
In the Membership Definition section, supply membership parameters appropriate to the chosen identification method. Not all of the options described in this table are available for every User Identification Method.

Authentication Surrogates
Specify how transactions will be associated with a user after successful authentication (options vary depending on Web Proxy deployment mode):

- IP Address – The Web Proxy tracks an authenticated user at a particular IP address. For transparent user identification, select this option.
- Persistent Cookie – The Web Proxy tracks an authenticated user on a particular application by generating a persistent cookie for each user per application. Closing the application does not remove the cookie.
- Session Cookie – The Web Proxy tracks an authenticated user on a particular application by generating a session cookie for each user per domain per application. (However, when a user provides different credentials for the same domain from the same application, the cookie is overwritten.) Closing the application removes the cookie.
- No Surrogate – The Web Proxy does not use a surrogate to cache the credentials, and it tracks an authenticated user for every new TCP connection. When you choose this option, the web interface disables other settings that no longer apply. This option is available only in explicit forward mode and when you disable credential encryption on the Network > Authentication page.
- Apply same surrogate settings to explicit forward requests – Check to apply the surrogate used for transparent requests to explicit requests; enables credential encryption automatically. This option appears only when the Web Proxy is deployed in transparent mode.

Note: You can define a timeout value for the authentication surrogate for all requests in Global Authentication Settings.

Membership Definition

Define Members by User Location
Configure this Identification Profile to apply to: Local Users Only, Remote Users Only, or Both. This selection affects the available authentication settings for this Identification Profile.

Define Members by Subnet
Enter the addresses to which this Identification Profile should apply. You can use IP addresses, CIDR blocks, and subnets.

Note: If nothing is entered, the Identification Profile applies to all IP addresses.

Define Members by Protocol
Select the protocols to which this Identification Profile should apply; select all that apply:

- HTTP/HTTPS – Applies to all requests that use HTTP or HTTPS as the underlying protocol, including FTP over HTTP, and any other protocol tunneled using HTTP CONNECT.
- Native FTP – Applies to native FTP requests only.
- SOCKS – Applies to SOCKS Policies only.
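
The subnet and protocol membership rules above can be checked offline before a profile is deployed. The following is an added example, not Cisco code or part of the original guide: it models only what the table states (an empty subnet list applies to all IP addresses; FTP over HTTP and HTTP CONNECT tunnels fall under HTTP/HTTPS). The profile names, protocol labels and addresses are constructed, and the appliance may accept subnet syntax beyond what is parsed here.

```python
import ipaddress

# Added illustration: a model of the membership rules in the table above,
# not Cisco code. Protocol labels and profile names are hypothetical.
HTTP_FAMILY = {"http", "https", "ftp-over-http", "http-connect"}

def parse_members(entries):
    """Parse IP addresses and CIDR blocks; a bare address becomes a host network."""
    return [ipaddress.ip_network(e.strip(), strict=False)
            for e in entries if e.strip()]

def protocol_class(request_protocol):
    """Map a request to the protocol checkbox it falls under."""
    p = request_protocol.lower()
    if p in HTTP_FAMILY:  # FTP over HTTP and CONNECT tunnels count as HTTP/HTTPS
        return "HTTP/HTTPS"
    if p == "ftp":
        return "Native FTP"
    if p == "socks":
        return "SOCKS"
    raise ValueError(f"unknown protocol: {request_protocol}")

def profile_applies(profile, client_ip, request_protocol):
    """True when both the subnet and the protocol membership criteria match."""
    nets = parse_members(profile.get("subnets", []))
    addr = ipaddress.ip_address(client_ip)
    # Per the Note: nothing entered means the profile applies to all IP addresses.
    subnet_ok = not nets or any(addr in n for n in nets)
    return subnet_ok and protocol_class(request_protocol) in profile["protocols"]

def audit_open_profiles(profiles):
    """Names of profiles whose empty subnet field makes them match every client."""
    return [name for name, p in profiles.items()
            if not parse_members(p.get("subnets", []))]

# Constructed sample profiles (documentation and private address ranges).
PROFILES = {
    "Lab": {"subnets": ["10.20.0.0/16", "192.0.2.15"],
            "protocols": {"HTTP/HTTPS"}},
    "CatchAll": {"subnets": [],
                 "protocols": {"HTTP/HTTPS", "Native FTP"}},
}

if __name__ == "__main__":
    print("Lab applies to 10.20.3.4 (FTP over HTTP):",
          profile_applies(PROFILES["Lab"], "10.20.3.4", "ftp-over-http"))
    print("Profiles with no subnet restriction:", audit_open_profiles(PROFILES))
```
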