Logging user details and allowing all outbound Internet access (not denying anyone).

book

Article ID: 166707

calendar_today

Updated On:

Products

ProxySG Software - SGOS

Issue/Introduction

How do I capture user details without denying anyone access to the internet due to authentication problems? 

How do I track who is going through the Proxy but allow everyone to access the Internet (including guests)?

Resolution

1.  in Visual Policy Manager in your Web Authentication Layer your authetication rule you'll want to set the action as a combined action object

      a.  click on policy -> add web authentication layer

2.  on your authetication rule right click on the action field and choose "set"

3.  Click on the "New" button and choose "Combined Action Object"

 

4. From the Combined Action Object click on "New" and add a "Authenticate" object and select your prefered authentication realm and mode

5.  Make sure you click on "Add" to select the authetication object you just created

 

6.   Then click on "New" again and select "Permit Authentication Error" object
7.  Select the Authentication errors as shown below.  
8. Click on "OK: and then "ADD" to select the Authentication Error Object as a combined action with the Authentcate object,
9.  Click on Ok to close the Combined action object and install your VPM policy
(Special Note)
You can also somewhat tailor the errors you permit by editing the “Permit Authentication Error” object:

Some customers want to keep track of who is browsing the internet (via the Proxy) but do not wish to deny access.  

Note: While you can monitor the IP addresses of users on the Proxy, it is sometimes more useful to know the user names.

One way to monitor activity without denying access to users, is to enable authentication (linked to an auth realm) so you can capture the user’s details and then create a combined source object with “Permit All Authentication Errors”:
 
 
 
(Please refer to the Help menu for further details on each particular error type).
IMPORTANT CAVEAT:
We do not promote allowing uncontrolled user access to the Internet for staff or guests, however this article has been supplied due to customer request.  We would advise that you align your Internet access policy with your corporate IT policy.

 

 

 

Attachments