Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

CE507-smartfilter problem

Hi all,

I understand this is a content networking furom. But I would like to ask some suggestions on our current deployment with CE507 using Secure Computing-SmartFilter as URL filter server.

We have already already configured our CE507 and is already running. Now we are deploying smartfilter for URL filtering but it does not work with username base access. We have tried configuring it by IP address authentication and t work fine.

But deploying to look-up for Ms active derictory for username, the smartfilter does not work.

any inputs will be highly appreciated.

Thanks,

udimpas

5 REPLIES
Cisco Employee

Re: CE507-smartfilter problem

udimpas,

Are you referring to enabling SmartFilter on the CE? Do you have the CE configured to perform authentication? The CE performs the authentication and passes the user id to the SmartFilter application.

~Zach

New Member

Re: CE507-smartfilter problem

Hi! thanks for the reply. We have already enabled the CE for Smartfilter. We have done this by selecting SmartFilter on the "Caching-URL Filter" menu.

On the SmartFilter, we have set the plugin as Cisco CE. Then for the directory resources, we have set it to support Micrososft active directory, create a user group and associate it with internal users on the SmartFilter. The group and usersname is the same on the MS active directory. Then finaly, we attach internet access policy.

The settings mentioned above does not work. As of now, the smartFilter is running based on the IP address as user. but our company policy requires us to use username instead of IP address for URL filter.

We think, we miss some settings on the CE or SmartFilter but we have no idea where. Your valuable feedback on this will be again highly appreiciated.

Thanks in advance!

regards,

udimpas

Cisco Employee

Re: CE507-smartfilter problem

Do you have HTTP request authentication configured on the CE? This is required.

With the SmartFilter configuration, you do not need to configure local users if you are checking for group membership with an external directory service.

You should also verify in the SmartFilter configuration that you have the directory service you created in the search list.

~Zach

New Member

Re: CE507-smartfilter problem

Hi Zach!

Good day! We tried your suggestion, we enable the CE to support LDAP HTTP user authentication on the CE GUI. also, define the active derictory server on the smartfilter directory resources. define username on the smartfilter, attach it to a group and attach the group into allow all policy.

When we try to access the internet browser. Although the CE asks for username password, we were still not able to access the internet.

We are using ACNS software release 5.0.5 and smartfilter version 3.1.2.

Also, i would like to clarify in the Base DN field on the CE LDAP page and Smartfilter directory resources page. Is it the our domain name?

regards,

udimpas

Cisco Employee

Re: CE507-smartfilter problem

I would recommend that we get the functions working separately, then use them together. So, we should

1) Get HTTP request authentication working

2) Get SmartFilter working

3) Use them together

The Base DN is usually your domain name, in format:

dc=company,dc=com

If you are having problems getting authentication working, please send me your configuration and output from 'debug http all' when the authentication fails. Note: I am assuming you are testing this in a lab -- 'debug http all' is resource intensive).

Also, as I mentioned in my previous post, you do not need to configure individual users in SmartFilter.

~Zach

seils@cisco.com

175
Views
6
Helpful
5
Replies