Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

IronPort WebSec and Blackberry BES server integration


We are looking to integrate our Blackberry BES users and IronPort Websec. Basically we would like to control blackberry users Internet browsing with IronPort web security device in the way that every blackberry users will be going thru IronPort while surfing the Internet using blackberry handheld devices. We don't want to see BES server's ip address in IronPort for every blackberry users reaching the internet; instead since we are on Windows AD, we should be able to apply websec policy based on AD group and username.

Does anyone have similar setup? Any issues and does it work as expected?



IronPort WebSec and Blackberry BES server integration

I'm still fighting with mine, but I think its because my Blackberry is going straight to the net, not via MDS.

A couple things to keep in mind:

You'll need to use a different surrogate for stuff coming from the BES server.  Otherwise the WSA will map the IP to the first user that logs in. 

Create an identity based on the IP its coming from (the BES box) and pick a cookie surrogate so that when users are required to auth, there's something that "sticks"

Config the BES with a policy to force the handhelds to accept cookies.

CreatePlease to create content