Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

csa policy to give time limited webbrowser access when not on lan

Hi There

Has anyone done a policy for allowing users to use a webbrowser for a specific amount of time, when they are off the internal lan ? I have done a policy that classifies webbrowsers when they connect on any tcp port in a system state that off-lan (done by dns suffix check), my problem is that i wan't to secure the webbrowser until the user has logged in to whatever hotspot page he needs to, in order to create a vpn connection, and then be classified as "on-lan". But i can't restrict what addresses this browser can reach, since this is very different from hotel to airport to generic hotspot, so i wan't to restrict the time the user has to login, after which he has to reboot or login to vpn to do anything network related. I have a policy that does all that, except for the time period, only thing the user has to do is close his browser and start it again, and then my dynamic appl. rule gives them another 5 minutes....which is not acceptable. Anyone done this ?

4 REPLIES

Re: csa policy to give time limited webbrowser access when not o

can it really be that no-one has any ideas about how to accomplish this ?

Silver

Re: csa policy to give time limited webbrowser access when not o

Never heard of this being done. I think you would run into problems trying to accomplish this if the system clocks on the PC and the CSAMC were not in sync.

I like to hear anybody else's thoughts on the subject, too.

Re: csa policy to give time limited webbrowser access when not o

Well, i am not looking to use actual time for this, but more so a timer from when the application is started, i don't think this will have any interaction with the time set on the csamc.

New Member

Re: csa policy to give time limited webbrowser access when not o

Hello all

I have the same issue.

What I tried is to change the query response from allow to ?terminate?.

No when the user answers (his only choice is terminate) the browser windows closes and the user can?t open it again. That?s what I want, but he cannot login to some hotspots.

Then I created I first query with an ?allow? and after 5 minutes a second with ?terminate?. Now the user first selects allow and has then 5 minutes to login to some hotspots and after 5 minutes the second query pops up and he is asked to terminate the web browser. He that can only select ?terminate? and the web browser closes. The problem is that this time, even though this is a ?terminate?, he can open the web browser again and continue to surf without any further queries.

I haven?t further analyzed this issue, but I think this has to do with the processes and not with the application itself.

Any ideas are welcome.

128
Views
0
Helpful
4
Replies