search cancel

Can we create a WSS policy based on WSS Agent OS version?

book

Article ID: 243000

calendar_today

Updated On:

Products

Cloud Secure Web Gateway - Cloud SWG

Issue/Introduction

We want to be able to create rules based on machine name or OS version via UPE e.g.

  • macOS users are not members of a domain and want to bypass Authentication for destinations
  • Windows users that installed WSS Agent on personal machines should be blocked from accessing 

 

Environment

WSS Agent access method.

WSS Agents running on both Windows and MacOS platforms.

Policy source Management Center / UPE.

Resolution

Needed custom CPL to apply policies based on host and client IDs. Here's an example policy of a use case based on OS.

Note that these conditions must be added in different Proxy layers!

define variable string x_client_os

<Proxy>
variable.x_client_os("$(x-client-os)")

define condition "wssa macos"
variable.x_client_os.substring="macOS"
end

define condition "wssa windows"
variable.x_client_os.substring="Windows"
end

<Proxy>
ALLOW condition="wssa macOS" url.domain="ifconfig.me"
DENY condition="wssa windows" url.domain="ifconfig.me"