CSA policy to give time-limited web browser access when not on LAN
Has anyone done a policy for allowing users to use a web browser for a specific amount of time when they are off the internal LAN? I have done a policy that classifies web browsers when they connect on any TCP port in a system state that is off-LAN (done by DNS suffix check). My problem is that I want to secure the web browser until the user has logged in to whatever hotspot page he needs to in order to create a VPN connection and then be classified as "on-LAN". But I can't restrict what addresses this browser can reach, since this is very different from hotel to airport to generic hotspot, so I want to restrict the time the user has to log in, after which he has to reboot or log in to VPN to do anything network related. I have a policy that does all that, except for the time period: the only thing the user has to do is close his browser and start it again, and then my dynamic appl. rule gives them another 5 minutes... which is not acceptable. Anyone done this?
Re: csa policy to give time limited webbrowser access when not o
I have the same issue.
What I tried is to change the query response from allow to "terminate".
Now when the user answers (his only choice is terminate) the browser window closes and the user can't open it again. That's what I want, but he cannot log in to some hotspots.
Then I created a first query with an "allow" and after 5 minutes a second with "terminate". Now the user first selects allow and then has 5 minutes to log in to some hotspots, and after 5 minutes the second query pops up and he is asked to terminate the web browser. He then can only select "terminate" and the web browser closes. The problem is that this time, even though this is a "terminate", he can open the web browser again and continue to surf without any further queries.
I haven't further analyzed this issue, but I think this has to do with the processes and not with the application itself.