cancel
Showing results for 
Search instead for 
Did you mean: 
karubum
Level 7

Can I add second SSL Scanner and Cookie Authentication rulesets in WMG 7.2.0?

Hi,

I am thinking to add one more SSL Scanner and Cookie Authentication in MWG for one of my group users.

Does it cause a problem in the system?

Note: I need this to test weather my problem will be solved at below:

https://community.mcafee.com/thread/57086?tstart=30

I have picked up facebook as a test page to improve my https blocking rule for Group X.

I have removed facebook urls and IP bloks from my SSL scanner list. Right now Group X cannot access to https://facebook.com whatsoever by using regular PC.

But thin client users of Group X could access to https://facebook.com in IE browser. I have checked up in Crome and Mozilla browser https://facebook.com gets blocked successfully.

0 Kudos
1 Reply
asabban
Level 17

Re: Can I add second SSL Scanner and Cookie Authentication rulesets in WMG 7.2.0?

Hello,

you can simply add multiple instances of Cookue Authentication and/or SSL Scanner but I recommend to ensure that for each request going through the policy you only call ONE of them. Since a user can be in multiple groups this may cause problems, e.g.:

Group "Domain Users":

  SSL Scanner #1

  Cookie Authentication #2

Group "Administrators":

  SSL Scanner #2

  Cookie Authentication #2

When I am now a member of "Domain Users" AND "Administrators" you will call both rule sets. Usually only one is applied, but this could lead to things (especially cookie auth) not working... so I would not recommend to do so.

If you need this for testing I would rather recommend to use a criteria which is really unique, such as user name or client IP. If you need to stick with groups make exceptions so that only ONE rule set can match at a time.

Best,

Andre

0 Kudos