Cisco Cisco Web Security Appliance S670 User Guide
6-7
AsyncOS 8.8 for Cisco Web Security Appliances User Guide
Chapter 6 Classify End-Users and Client Software
Classifying Users and Client Software
Step 9
Submit and Commit Changes.
Define Members by
Machine ID
Machine ID
•
Do Not Use Machine ID in This Policy – The user is not identified
by machine ID.
by machine ID.
•
Define User Authentication Policy Based on Machine ID – The
user is identified primarily by machine ID.
user is identified primarily by machine ID.
Click the Machine Groups area to display the Authorized Machine
Groups page.
Groups page.
For each group you want to add, in the Directory Search field, start
typing the name of the group to add and then click Add. You can
select a group and click Remove to remove it from the list.
typing the name of the group to add and then click Add. You can
select a group and click Remove to remove it from the list.
Click Done to return to the previous page.
Click the Machine IDs area to display the Authorized Machines page.
In the Authorized Machines, field, enter the machine IDs to
associate with the policy then click Done.
associate with the policy then click Done.
Note
Authentication using Machine ID is supported only in
Connector mode and requires Active Directory.
Connector mode and requires Active Directory.
Advanced
Expand this section to define additional membership requirements.
•
Proxy Ports – Specify one or more proxy ports used to access the
Web Proxy. Enter port numbers separated by commas. For explicit
forward connections, the proxy port is configured in the browser.
Web Proxy. Enter port numbers separated by commas. For explicit
forward connections, the proxy port is configured in the browser.
For transparent connections, this is the same as the destination port.
Defining identities by port works best when the appliance is
deployed in explicit forward mode, or when clients explicitly
forward requests to the appliance. Defining identities by port when
client requests are transparently redirected to the appliance may
result in some requests being denied.
deployed in explicit forward mode, or when clients explicitly
forward requests to the appliance. Defining identities by port when
client requests are transparently redirected to the appliance may
result in some requests being denied.
•
URL Categories – Select user-defined or predefined URL categories.
Membership for both is excluded by default, meaning the Web Proxy
ignores all categories unless they are selected in the Add column.
Membership for both is excluded by default, meaning the Web Proxy
ignores all categories unless they are selected in the Add column.
If you need to define membership by URL category, only define it
in the Identity group when you need to exempt from authentication
requests to that category.
in the Identity group when you need to exempt from authentication
requests to that category.
•
User Agents – Defines policy group membership by the user agent
(applications such as Firefox or Chrome Web browsers) used in the
client request. You can select some commonly defined browsers, or
define your own using regular expressions.
(applications such as Firefox or Chrome Web browsers) used in the
client request. You can select some commonly defined browsers, or
define your own using regular expressions.
Choose whether this policy group should apply only to the selected
user agents, or to any user agent that is not in the list of selected agents.
user agents, or to any user agent that is not in the list of selected agents.