Cisco Cisco Web Security Appliance S170 Guía Del Usuario
13-3
Cisco IronPort AsyncOS 7.1 for Web User Guide
OL-23207-01
Chapter 13 Achieving Secure Mobility
Enabling Secure Mobility
•
Local users. These users are connected to the network either physically or
wirelessly.
wirelessly.
You might want to create separate policies for remote and local users. For
example, you can create Access Policies that allow access to Arts and
Entertainment sites when users are outside the office (remote users), but block
access when users are in the office (local users).
example, you can create Access Policies that allow access to Arts and
Entertainment sites when users are outside the office (remote users), but block
access when users are in the office (local users).
When you enable Secure Mobility Solution on the Security Services > Mobile
User Security Page, you identify remote users using one of the following methods:
User Security Page, you identify remote users using one of the following methods:
•
Associate by IP address. Specify a range of IP addresses that the appliance
should consider as assigned to remote devices. Typically, the Cisco adaptive
security appliance assigns these IP addresses to devices that connect using
VPN functionality. When the Web Security appliance receives a transaction
from one of the configured IP addresses, it considers the user as a remote user.
should consider as assigned to remote devices. Typically, the Cisco adaptive
security appliance assigns these IP addresses to devices that connect using
VPN functionality. When the Web Security appliance receives a transaction
from one of the configured IP addresses, it considers the user as a remote user.
•
Integrate with a Cisco ASA. Specify one or more Cisco adaptive security
appliances the Web Security appliance communicates with. The Cisco
adaptive security appliance maintains an IP address-to-user mapping and
communicates that information with the Web Security appliance. When the
Web Proxy receives a transaction, it obtains the IP address and determines the
user by checking the IP address-to-user mapping. When users are determined
by integrating with a Cisco adaptive security appliance, you can enable single
sign-on for remote users.
appliances the Web Security appliance communicates with. The Cisco
adaptive security appliance maintains an IP address-to-user mapping and
communicates that information with the Web Security appliance. When the
Web Proxy receives a transaction, it obtains the IP address and determines the
user by checking the IP address-to-user mapping. When users are determined
by integrating with a Cisco adaptive security appliance, you can enable single
sign-on for remote users.
For information on enabling single sign-on, see
.
Enabling Secure Mobility
To protect remote users using always-on security, first you must enable the Secure
Mobility Solution feature on the Web Security appliance. When Secure Mobility
Solution is enabled, you can distinguish between remote users from local users
when creating Identities.
Mobility Solution feature on the Web Security appliance. When Secure Mobility
Solution is enabled, you can distinguish between remote users from local users
when creating Identities.
Note
To enable Secure Mobility Solution: