"Identify Traffic" options explained for SEP tunnel mode

Article ID: 253925

Products

Cloud Secure Web Gateway - Cloud SWG Endpoint Protection

Issue/Introduction

When configuring the SEP client to route traffic to the Web Security Service (WSS) using the SEP "tunnel" mode, what is the difference between the three options for identifying user traffic?

"Identify Traffic"

1. Based on the console user

2. Using WSS SAML authentication

3. Based on the running process


NOTE: These settings require SEP 14.3 RU5 (or later).

Resolution

To access the "Identify Traffic" options for the SEP "tunnel" mode:

1. Log in to the SEP Manager (SEPM) and navigate to: Policies -> Web and Cloud Access Protection

2. In the "Redirection Method" drop-down, select: Tunnel

3. In the "Identify Traffic" drop-down, select one of the options explained below.


The three options differ in where the user identity comes from and therefore in which logon scenarios they support:

Option                         | Accessed by RDP | Requires a WSS tunnel before login | Use on multi-user machine
-------------------------------|-----------------|------------------------------------|--------------------------
Based on the console user      | NO              | NO                                 | NO
Using WSS SAML authentication  | YES             | YES                                | NO
Based on the running process   | YES             | YES                                | YES


Additional Information

The SEPM drop-down option "Using WSS SAML authentication" is equivalent to the WSS Agent (WSSA) command-line install option "AU=unauthenticated".

For example (WSSA): 

msiexec -i C:\downloads\wssa-installer.msi /passive AU=unauthenticated


Related articles:

- SEP Web and Cloud Access Protection (WCAP) - Tunnel Mode
- SEP reports "No user logged on at physical console" and fails to connect to WSS
- Hybrid Windows users are taking more than 2 minutes to login