Cisco Cisco Web Security Appliance S660 Guida Utente

Local users. These users are connected to the network either physically or 
wirelessly.

You might want to create separate policies for remote and local users. For 
example, you can create Access Policies that allow access to Arts and 
Entertainment sites when users are outside the office (remote users), but block 
access when users are in the office (local users).

When you enable Secure Mobility Solution on the Security Services > Mobile 
User Security Page, you identify remote users using one of the following methods:

Associate by IP address. Specify a range of IP addresses that the appliance 
should consider as assigned to remote devices. Typically, the Cisco adaptive 
security appliance assigns these IP addresses to devices that connect using 
VPN functionality. When the Web Security appliance receives a transaction 
from one of the configured IP addresses, it considers the user as a remote user. 

Integrate with a Cisco ASA. Specify one or more Cisco adaptive security 
appliances the Web Security appliance communicates with. The Cisco 
adaptive security appliance maintains an IP address-to-user mapping and 
communicates that information with the Web Security appliance. When the 
Web Proxy receives a transaction, it obtains the IP address and determines the 
user by checking the IP address-to-user mapping. When users are determined 
by integrating with a Cisco adaptive security appliance, you can enable single 
sign-on for remote users.

For information on enabling single sign-on, see 

To protect remote users using always-on security, first you must enable the Secure 
Mobility Solution feature on the Web Security appliance. When Secure Mobility 
Solution is enabled, you can distinguish between remote users from local users 
when creating Identities.

You can also configure Secure Mobility Solution using the CLI. For more 
information, see 

To enable Secure Mobility Solution: