Cisco Cisco Web Security Appliance S170 Guía Del Usuario
5-32
AsyncOS 9.2 for Cisco Web Security Appliances User Guide
Chapter 5 Acquire End-User Credentials
Failed Authentication
that uses MyIdentificationProfile, users who fail authentication match the global Access Policy. If you
do not want guest users to match a global policy, create a policy above the global policy that applies to
guest users and blocks all access.
do not want guest users to match a global policy, create a policy above the global policy that applies to
guest users and blocks all access.
Define an Identification Profile that Supports Guest Access
Step 1
Choose Web Security Manager > Identification Profiles.
Step 2
Click Add Identification Profile to add a new identity, or click the name of an existing identity that you
wish to use.
wish to use.
Step 3
Check the Support Guest Privileges check box.
Step 4
Submit and commit your changes.
Use an Identification Profile that Supports Guest Access in a Policy
Step 1
Choose a policy type from the Web Security Manager menu.
Step 2
Click a policy name in the policies table.
Step 3
Choose Select One Or More Identification Profiles from the Identification Profiles And Users
drop-down list (if not already chosen).
drop-down list (if not already chosen).
Step 4
Choose a profile that supports guest access from the drop-down list in the Identification Profile column.
Step 5
Click the Guests (Users Failing Authentication) radio button.
Note
If this option is not available it means the profile you chose is not configured to support guest
access. Return to step
access. Return to step
and choose another, or see
to define a new one.
Step 6
Submit and commit your changes.
Configure How Guest User Details are Logged
Step 1
Choose Network > Authentication.
Step 2
Click Edit Global Settings.
Step 3
Click a Log Guest User By radio button, described below, in the Failed Authentication Handling field.
Radio button
Description
IP Address
The IP address of the guest user’s client will be logged in the access logs.
User Name As Entered
By End-User
By End-User
The user name that originally failed authentication will be logged in the
access logs.
access logs.