Can I use multiple user notification actions in different web-access layers in policy?
Article ID: 165465
Updated On:
Products
ProxySG Software - SGOS
Issue/Introduction
User Notification policies are used for Coaching, Splash, and Compliance purposes and they're described further in our "Creating Notification Policies: Coaching, Splash, and Compliance" techbrief. Usually, notification action associates with notification triggers, such as URL category, Client IP addresses and so on.
If policy is configured with unconditional Notification Actions in multiple web-access-layers of VPM, problems can arise;
For example;
--------
Web-Access-Layer-1
Source: none, Destination: none, Action: Notify-User1
Web-Access-Layer-2 (to the right of Web-Access-Layer-1)
Source: none, Destination: none, Action: Notify-User2
--------
When a user makes an HTTP request, that request will result in the Notify-User2 action being presented to the user, because the last action of the same type to be processed will take precedence. After the the user clicks the accept' link, policy will recognize that and re-process their request, remembering not to triger that same notification action. This time, the Notify-user1 policy is triggered, as it's not been used yet in this transaction.
This is reasonable and expected behavior from a policy perspective, however, it's very confusing to users, and likely not the behavior the proxy administrator expected. experience.
Blue coat does not recommend this type of policy configuration. Rather, if multiple Notification policies are required, it's best practice to identify the destination URLs or source user IDs or IP addresses to be used to trigger each action, and put those rules in the same layer in policy.
Feedback
Yes
No
Powered by
