Hi Mike, The identity policy tells is a user will be authenticated or not. If in the global policy you specify all to be authenticated, then everyone should undergo authentication unless specific rules above the global id policy bypass the auth.
Once that being done, we now have the user info. This can be used in the access policy group membership and apply specific AUP's. The default access global policy tries to match all the rules in the identity policy. Hence if you have auth enabled in the default identity policy then global ap policy matches it. Remember access and identity policies are interlinked and dependent. Sam Sent from Samsung Mobile -------- Original message -------- From: Mike Rojas <[email protected]> Date: 20/06/2013 06:59 (GMT+05:30) To: [email protected] Subject: [OSL | CCIE_Security] WSA Research Host NoAuth Policy Hi; I am doing the policy where the not authenticated user can access the internet from an specific time-range defined. I can see that on the DSG the Time-range is defined. Then, the policy is created, but I dont see the identity being used anywhere.... What I did was to create the identity and on the policy, when they said identity to use, I selected the One that I created then on advanced, I selected my time-range, instead on the DSG they select all, authenticated and not authenticated users. Any thoughts? Mike Rojas Security Technical Lead
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
