
Basic questions about Ironport

Michael Wise

Dear responder,

I have some questions about the S-series Web Security Ironport. It would be appreciated if you could respond to them one by one.

1- Can Ironport work independently if I buy it alone and put it on the edge of my network, connect the Internet to one of its ports, and connect my local LAN switch to the other port?

2- If I can use it independently, can I use it in transparent proxy mode, not the explicit one, and make it sensitive to HTTP traffic so that it brings up the authentication page for new users who want to connect to the Internet?

3- Is there an authentication page in Ironport, or do I have to connect to the Ironport through an agent, like a VPN connection, to use the Internet?

4- Assume that a user is currently logged in and wants to log out. Is there any way to log out from the Ironport with a specific page for logging out?

5- Is there any local database available in the Ironport to create users?

6- Is there any option to define a RADIUS or LDAP server address as the user database to read when needed for authentication purposes?

Thank you so much.

Abraham

Accepted Solutions

Good Afternoon Abraham,

In my answers I'll assume you'll get AsyncOS 7.5 for Web for your WSA.

1. This is "in-line" mode, and while the documentation doesn't specifically say you can't do this, it doesn't say you can either. The support on this is fuzzy. There are 2 supported ways to deploy a WSA: transparent redirection (using WCCP or policy-based routing), or explicit mode, using settings in the browser, or PAC files.

2. If I understand your question, the answer is yes. With transparent redirection, you can force all HTTP traffic to the WSA, and require users to authenticate. You can force the users to enter a username and password, or it can happen automatically (see answer 3).

3. There are a few ways to handle authentication for your users:

     They can authenticate to the Ironport, which can do a lookup against your LDAP or Active Directory.

     It can transparently authenticate them if you're using Active Directory and a browser that supports it (IE, Firefox, Chrome).

     You can use the ADAgent (runs on a separate box), which scrapes the security logs from the AD domain controllers and passes authenticated users and their IP to the Ironport.

4. I'm not aware of a "logout" page.

5. There is a "local database" for administrative users, and you can use RADIUS for administrative users, but not for your regular users. (see answer 6)

6. Yes. You can use LDAP, Novell eDirectory, or Microsoft Active Directory for your users.

I hope that helps!

Ken

Thanks for your fast response.

It would be appreciated if you could find an answer for me about the logout feature of this device, because I want to use it in an enterprise network where most of the people are not joined to the Active Directory, and some, like a CoffeeNet, have to log out for the other user. It would be appreciated if you could help me with the logout procedure or logout page.

Thanks.
