Cisco Cisco Web Security Appliance S160 Guía Del Usuario
8-24
Cisco IronPort AsyncOS 7.5 for Web User Guide
Chapter 8 Identities
Example Identity Policies Tables
Step 5
If you choose an Identity that requires authentication, you can specify which users are authorized for this
policy group. These users must authenticate. In the Authorized Users and Groups column, choose one
of the following options:
policy group. These users must authenticate. In the Authorized Users and Groups column, choose one
of the following options:
•
All authenticated users. You can configure the Identity in this policy group to apply to all
authenticated users in the Identity group by default. If the Identity group specifies an authentication
sequence, you can configure this policy group to apply to one authentication realm or all realms in
the sequence.
authenticated users in the Identity group by default. If the Identity group specifies an authentication
sequence, you can configure this policy group to apply to one authentication realm or all realms in
the sequence.
•
Selected Groups and Users. You can configure the Identity in this policy group to apply to specific
users. You can define users by group object or user object. Click the link for either Groups or Users,
and enter the group or user information on the page that opens.
users. You can define users by group object or user object. Click the link for either Groups or Users,
and enter the group or user information on the page that opens.
When you add groups of users for an Identity using an NTLM authentication realm, the Edit Groups
page displays the first 500 matching entries, omitting built-in groups.
page displays the first 500 matching entries, omitting built-in groups.
•
Guests (users failing authentication). If the Identity group allows guest access, you can configure
this policy group to apply to all users who fail to authenticate in this Identity. For more information,
see
this policy group to apply to all users who fail to authenticate in this Identity. For more information,
see
.
•
All users (authenticated and unauthenticated users). You can configure this policy group to apply
to every user in every Identity group. This option only appears when you choose All Identities.
When you apply the policy group to all users, you must specify at least one advanced option to
distinguish this policy group from the global policy.
to every user in every Identity group. This option only appears when you choose All Identities.
When you apply the policy group to all users, you must specify at least one advanced option to
distinguish this policy group from the global policy.
Step 6
Optionally, if you configured specific Identity groups, you can add another Identity group to this policy
group by clicking Add Identity.
group by clicking Add Identity.
Step 7
If you add another Identity group, repeat steps
through
.
Step 8
Submit and commit your changes.
Example Identity Policies Tables
This section shows some sample Identity groups defined in an Identity policies table and describes how
the Web Proxy evaluates different client requests using each Identity policies table.
the Web Proxy evaluates different client requests using each Identity policies table.
Example 1
shows an Identity policies table with three user defined Identity groups. The first Identity
group applies to a particular subnet and does not require authentication. The second Identity group
applies to all subnets and requests for URLs in the “Proxies & Translators” category, and requires
authentication on RealmA. The third Identity group applies to all subnets, has no advanced options
defined, and requires authentication on RealmA. The global Identity policy applies to all subnets (by
definition) and does not require authentication.
applies to all subnets and requests for URLs in the “Proxies & Translators” category, and requires
authentication on RealmA. The third Identity group applies to all subnets, has no advanced options
defined, and requires authentication on RealmA. The global Identity policy applies to all subnets (by
definition) and does not require authentication.
Table 8-4
Policies Table Example 1
Order
Subnet(s)
Authentication
Required?
Required?
Realm or
Sequence
Sequence
Advanced Options
1
10.1.1.1
No
N/A
none
2
All
Yes
RealmA
URL Category is “Proxies &
Translators”
Translators”