Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 

Deploy and Configure Cisco Web Security Appliance (WSA) in Cloud Connector Mode

Cisco Employee

(view in My Videos)

Cisco Cloud Web Security (CWS) provides industry-leading security and control for the distributed enterprise

 

 

2 Comments
New Member

Hi Zac, 

Great video. Very informative. I noticed in the admin guide it says that only Basic and NTLMSSP authentication work with WSA Cloud Connector. Do you know why this is? I have configured our wsa as a cloud connector and set to just Kerberos auth and it works. I can see in the tail logs "negotiate" (which i learned from one of your other videos means its using kerberos). In scancenter I can see the traffic and it identifies the user properly. The only thing i noticed is how the user shows up in scancenter, instead of being WinNT://Domain\\username it is WinNT://Domain.whatever\\username. Is that the reason Kerberos is not supported?

Also, when using ntlmssp is it normal browser behavior to see in the url in IE that it redirects to the proxy then to the webpage with a "itpac-long string of digits" - for example www.cnn.com->http://wsa01:3128/974372389hfifsd893475hf->www.cnn.com/iptac-93473hdrf7f9ysfdsfusdf?

Thanks

M

Cisco Employee

Hi

Thanks for the feedback, This is by design also we do have version that supports "Kerberos" authentication and step by step video as well, that contains all the supported version.

 

Located here:

https://supportforums.cisco.com/video/12116731/steps-configure-kerberos-authentication-web-security-appliance

and for Scancenter related questions, our team in CWS (community page as well), will be able to able to help in details.

 

Please let me know if you have any questions,

 

Regards,

Zack

 

 

110
Views
10
Helpful
2
Comments