Cisco Cisco Web Security Appliance S190 Guía Del Usuario
3-11
AsyncOS 9.0 for Cisco Web Security Appliances User Guide
Chapter 3 Connect the Appliance to a Cisco Cloud Web Security Proxy
Identification Profiles and Authentication
Identification Profiles and Authentication
The Cloud Web Security Connector supports basic authentication and NTLM. You can also bypass
authentication for certain destinations.
authentication for certain destinations.
In Cloud Connector mode, using an Active Directory realm, you can identify transaction requests as
originating from specific machines. The Machine ID service is not available in standard mode.
originating from specific machines. The Machine ID service is not available in standard mode.
With two exceptions, Authentication works the same throughout the Web Security Appliance, whether
in standard configuration or Cloud Connector configuration. Exceptions:
in standard configuration or Cloud Connector configuration. Exceptions:
•
The Machine ID service is not available in standard mode.
•
AsyncOS does not support Kerberos when the appliance is configured in Cloud Connector mode.
Note
Identification Profiles based on User Agent or Destination URL are not supported for HTTPS traffic.
Related topics
•
•
•
•
Identifying Machines for Policy Application
By enabling the Machine ID service, AsyncOS can apply policies based on the machine that made the
transaction request rather than the authenticated user or IP address or some other identifier. AsyncOS
uses NetBIOS to acquire the machine ID.
transaction request rather than the authenticated user or IP address or some other identifier. AsyncOS
uses NetBIOS to acquire the machine ID.
Before You Begin
•
Be aware that the machine identity service is only available through Active Directory realms. If you
do not have an Active Directory realm configured, this service is disabled.
do not have an Active Directory realm configured, this service is disabled.
Step 1
Select Network > Machine ID Service.
Step 2
Click Enable and Edit Settings.
Step 3
Configure Machine Identification settings:
Step 4
Submit and Commit your changes.
Setting
Description
Enable NetBIOS for Machine Identification
Select to enable the machine identification service.
Realm
The Active Directory realm to use to identify the
machine that is initiating the transaction request.
machine that is initiating the transaction request.
Failure Handling
If AsyncOS cannot identify the machine, should it
drop the transaction or continue with policy matching?
drop the transaction or continue with policy matching?