Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Problems with accessing websites through IronPort S370

I have a new IronPort S370 set up in explicit forward (proxy) mode.

 

The system is set up to use NTLM authentication, has an account on the domain, and is able to see users, groups, etc. in the domain. It tests out correctly.

 

So I built a new access policy that uses the domain realm and placed this policy above the default global policy on the IronPort. I associated a URL filtering policy with it, and put in a handful of websites to test. However, I am running into issues.

 

When I access some sites, I can get to them. When I access a site like google.com, I get a message that I have to log in (page cannot be displayed).

 

Looking at the logs, it looks like the IronPort is tunneling all the http traffic, and that 443 is hitting google.com

 

Is this correct? Whan can I do to change/fix this?

  • Web Security
2 REPLIES
New Member

OK, I have some more info for

OK, I have some more info for this.

 

The problem seems to be that the Global Access Policy overrides a specific policy I create.

 

If I create a group, use domain authentication (realm), assign a custom URL category to this group within an access policy (permitting access to certain URLs), and within the global policy block all categories by default, everything gets blocked.

 

In policy trace, I see the user is found in the directory, the website IP resolves, but the access policy I created is never looked at: only the global policy.

 

Is there something I am missing here?

Silver

After you add URL categories

After you add URL categories in your new access Policy and submit it, click link in URL Filtering column for your new access policy just created to edit it.

Click Select all link in Monitor column. Click submit.

Otherwise it will inherit global settings.

 

HTH

"Please rate helpful posts"

243
Views
0
Helpful
2
Replies
This widget could not be displayed.