Web Security Services

  • 1.  BlueCoat Threat Pulse - Unauthenticated User

    Posted Aug 07, 2017 06:03 AM

    Hi all

    Apologies if this is within the wrong section of the forum

    We are currently in the middle of a project to move from an existing BlueCoat Web Proxy solution to a new BlueCoat ThreatPulse Cloud solution. Whilst we have migrated the existing rules and policies across, we are having an issue with User Authentication.

    Our Authentication is AD based, and we use the Auth Connector to sync our selected AD Users and Groups, up into the BlueCoat Cloud configuration. 

    However, when a user attempts to browse the web when pointing at this web proxy, we see the user presented as 'Unauthenticated user' within our BlueCoat Control Panel.

    Any help is appreciated. 

    Thanks

    Rich



  • 2.  RE: BlueCoat Threat Pulse - Unauthenticated User

    Posted Dec 08, 2017 01:17 PM

    What kind of communication do you have with WSS? Are you using explicit proxy, chained proxy or IPSEC VPN?

    When IPSEC VPN is used, you need to exclude the authentication traffic from the tunnel. Step 7 below:
    https://portal.threatpulse.com/docs/am/AccessMethods/deploy/onpremise/firewallvpn/chkpnt_psk_ta.htm

    Check the flow to the authentication servers on this KB: http://bluecoat.force.com/knowledgebase/articles/Solution/KB6237
    Your auth connector needs to have free access to those servers. 

    cheers. 

     



  • 3.  RE: BlueCoat Threat Pulse - Unauthenticated User

    Posted Apr 12, 2018 01:09 AM

    Hi Fletch,

    The UA will initiate two tunnels to the Cloud VPN, where one is for the logged-in user and the other is for the non-interactive-user.

    Normal Internet access for browsers and applications that are able to honor the operating system's logged-in user ID goes via the logged-in user Cloud VPN tunnel.

    As for the non-interactive-user tunnel, also known as the system tunnel, it is for system processes, control messages or any third-party application/software that is not able to honor the operating system's logged-in user ID.

    The Cloud portal displays the logged-in user name ID along with the non-interactive-user; with this you will be able to better determine whether there is any authentication issue on the UA active connection.

    That said, however, you may stop the Cloud portal from logging the non-interactive-user via Cloud portal > Service > Service > Mobility > Enforce username Format in Traffic Tunnel > Username format > Logged in User ID.

    regards

    C Saravana Kumar



  • 4.  RE: BlueCoat Threat Pulse - Unauthenticated User

    Posted Apr 16, 2018 02:32 AM

     

    Hi Rich,

    You're saying that

    "when a user attempts to browse the web when pointing at this web proxy, we see the user presented as 'Unauthenticated user' within our BlueCoat Control Panel."

    The above concern is not a technical issue; the reason behind it is that whenever you download an agent from the WSS portal to your endpoint (e.g. a laptop), at that point in time a tunnel will be established from your end device to the WSS portal (i.e., you have accessed the WSS portal by providing the proper credentials). So when the same end device is trying to access the web, they'll not be getting any authentication prompts from the WSS.

    regards
    Ranjith Vadagam