Hi Mike,
The DVS engine in the access policy will block the download. The download will be truncated. It will not reflect the complete file size. You may compare the size of the file downloaded (the blocked one) and the actual file size. Samarth Chidanand Sr Instructor / Developer - IPexpert CCIE #18535 (R&S, Security) CCSI #34585 From: [email protected] [mailto:[email protected]] On Behalf Of Mike Rojas Sent: Sunday, June 2, 2013 4:33 AM To: [email protected] Subject: [OSL | CCIE_Security] WSA Authentication, Policies and Proxy Bypass Hi, I was checking this demo, the last video on the WSA introduction. There are basically two policies created, one for Vlan100 and another one for Vlan60. The VLAN100 is able to download the malware.exe file correctly because he is only monitoring it. Since The global policy was being inherit, and the per group policy was not configured the first time, the User was not able to downloaded based on the malware policy on the globla policy. Once the Policy was modified, the User was able to download the file and it was only being Monitored. For the Vlan60 The user should have been blocked as per the task The first thing that is shown is the User being able to download the file correctly but the download is stopped (manually) Then the policy for .exe is changed and the User is immediately blocked to download the file My question is, shouldnt the first download of the VLAN 60 user be blocked based on the inherit policy for malware as it did on the first attempt on Vlan100? Mike.
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
