Hi Samarth,

It was based on observation; I have my proctor lab session tomorrow.

It was the same file being pulled. With the object blocking it was immediately blocked, but I assume it should also have been blocked based on the malware policy inherited from the global access policy. Piotr said that the download was allowed and then cancelled the download to continue with the video. I'm not quite sure if, had he let the download continue, it would have been truncated.

Mike.

From: [email protected]
To: [email protected]; [email protected]
Subject: RE: [OSL | CCIE_Security] WSA Authentication, Policies and Proxy Bypass
Date: Sun, 2 Jun 2013 07:19:34 +0530

Hi Mike,

Check my previous reply. I have not taken a look at the video. However, there is a difference between object blocking, i.e. certain file types being downloaded, and malware downloads or even those based on WBRS (DVS based – malware). If you are doing the same in your practice lab, then share the accesslogs.

Samarth Chidanand
Sr Instructor / Developer – IPexpert
CCIE #18535 (R&S, Security)
CCSI #34585

From: [email protected] [mailto:[email protected]] On Behalf Of Mike Rojas
Sent: Sunday, June 2, 2013 4:33 AM
To: [email protected]
Subject: [OSL | CCIE_Security] WSA Authentication, Policies and Proxy Bypass

Hi,

I was checking this demo, the last video on the WSA introduction. There are basically two policies created, one for Vlan100 and another one for Vlan60.

The VLAN100 is able to download the malware.exe file correctly because he is only monitoring it. Since the global policy was being inherited, and the per-group policy was not configured the first time, the user was not able to download it, based on the malware policy on the global policy. Once the policy was modified, the user was able to download the file and it was only being monitored.

For the Vlan60, the user should have been blocked as per the task. The first thing that is shown is the user being able to download the file correctly, but the download is stopped (manually). Then the policy for .exe is changed and the user is immediately blocked from downloading the file.

My question is, shouldn't the first download of the VLAN 60 user be blocked based on the inherited policy for malware, as it was on the first attempt on Vlan100?

Mike.
