search cancel

Can we create a WSS policy based on WSS Agent machine name or OS version?

book

Article ID: 243000

calendar_today

Updated On:

Products

Web Security Service - WSS

Issue/Introduction

WSS Agent access method.

WSS Agents running on both Windows and MacOS platforms.

WSS administration using UPE.

Want to be able to create rules based on machine name or OS version via UPE e.g.

- MacOS users are not members of a domain and want to bypass Authentication for destinations

- Windows users that installed WSS Agent on personal machines should be blocked from accessing 

 

Environment

WSS Managed via UPE

Resolution

Needed custom CPL to apply policies based on host and client IDs. Here's an example policy of a use case with machine name, and OS.

variable.x_client_device_name("$(x-client-device-name)")
define variable string x_client_device_name

define condition wssa-macos-dev
variable.x_client_device_name.substring="name=LAB-FKSWNQ2"
end

variable.x_client_os("$(x-client-os)")
define variable string x_client_os

define condition wssa-macos
variable.x_client_os.substring="name=macOS"
end

<Proxy>
ALLOW condition=wssa-macos url.domain="ifconfig.me"
ALLOW condition=wssa-macos-dev url.domain="ifconfigdev.me"