All traffic from non-interactive-user blocked and cannot change this policy behaviour from Management Center/UPE

Article ID: 215706


Products

Cloud Secure Web Gateway - Cloud SWG

Issue/Introduction

SEP WTR is enabled as the access method into WSS.

WSS is managed using Management Center/UPE and not the WSS Portal.

The WSS tenant administrator observed a huge number of policy denied events, the majority of them from non-interactive-user.

Within the UPE configuration, the administrator only allows traffic from domain users. Anything that is not a domain user is denied by default, hence non-interactive-user is denied.

How can one create a policy that allows the non-interactive-user object in UPE?

 

Environment

Management Center used to configure WSS

Users accessing WSS using SEP WTR clients

Can also apply to WSS agent clients

Cause

The WSS policy rule only allowed access to objects for explicitly defined users, and non-interactive-user was not one of these allowed users.

Resolution

Create a new 'non-interactive-user' user within the local authentication realm (IWA on-box) and create a corresponding rule to allow this user access to certain domains.

Here is how WSS transformed the rule when completed:

define condition __USER1
  user="non-interactive-user" ; Gestures transformed ; realm=NCNET ->   
end condition __USER1

condition=__USER1 Allow