Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
997
Views
0
Helpful
3
Replies

WSA s170 - How to block skype and download

Alcides Miguel
Level 1
Level 1

‎07-01-2014 11:49 PM

Hi,

 

I recently changed my proxy solution from BlueCoat ProxySG to Cisco WSA but I'm finding some difficulties to operate the appliance. 

  a - I can't have multiple defaults route

  b - How can I block skype traffic?

  c - How can I block download

  d - No graphical interface for logging

 

I hope some here can help me. Because I don't know yet if it was a good choice change the solution that used to work like a charm.

 

If some one can also point the other good things I can do with this appliance should be good.

 

Best regards,

Alcides 

1 person had this problem
Labels:
0 Helpful
3 Replies 3

Vance Kwan
Cisco Employee
Cisco Employee

‎07-10-2014 11:07 PM

It sounds like it may be best for you to reach out to the sales person that sold you this appliance.  But some quick answers for you:

 

a) You can go to Network > Routes.  You can set routes based on destinations.  What exactly are you trying to do with multiple default routes?  Are you trying to get some kind of fail-over setup?  If so, this cannot be done.  You can contact TAC and ask that they submit a feature request for this.

b) Skype can be blocked by the WSA, but after Skype determines that it cannot logon via port 80 or 443, it will start trying every port ever existed until it gets access.  Are you ready to block all other ports at the firewall?

c) You can block a download by file types under Access Policies > Mime Type.

d) There is web tracking.  But if you want to view live logs in the GUI, that is not available.  Consider contacting TAC and asking for a feature request as well.

 

It sounds like you are very used to the Bluecoat.  Different products will have different features. 

0 Helpful

alexdelangel
Level 1
Level 1

‎09-23-2014 10:10 AM

Hello Alcides,

Were you able to block skype traffic? Would you share the procedure with me? Or would any body share the precedures to block skype?

Regards!

0 Helpful

Alcides Miguel
Level 1
Level 1
In response to alexdelangel

‎10-01-2014 11:09 AM

Hi,

 

I'm steel waiting a solution from cisco. the solution that I found on cisco website is to block all communication that don't use hostname. but this solution was not viable because in our organization we use all a lot communication using IP.

 

Regards

0 Helpful
Customers Also Viewed These Support Documents