Skip navigation
McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
805 Views 1 Reply Latest reply: Apr 15, 2013 12:03 PM by steve_smith RSS
bvacc21 Newcomer 1 posts since
Apr 13, 2013
Currently Being Moderated

Apr 13, 2013 7:23 AM

McAfee SaaS Web Security - How to Redirect from Network Edge

Hello,

 

I am trying to design my SaaS Implementation for a BYOD wireless network.  IP Address Authentication seems like the obvious implementation since its advantages states that "Can be deployed at the edge of the network using routing"

 

I have been unable to find a solution to accomplish this.  I am currently testing with Cisco Routers/ASA and Fortigate.  Has anyone successfully implemented this with either of those technologies or have any other suggestion.  I am in the design phase so am open to using new hardware.  The issues with Cisco/Fortigate that I am currently running into are:

 

Ideally I was hoping to use Policy Based Routing or some type of transparent proxy however am finding that both Cisco and Fortigate's preferred implementation would be with WCCP which isn't supported by McAfee Web Security.  Cisco also has some URL Filtering options but seems specific to Websense/TrendMicro/N2H2/ScanSafe. 

 

Thank you for any help in this matter.

  • steve_smith Newcomer 1 posts since
    Apr 15, 2013

    below are the commands to support  Authentication Proxy on an ISR with radius.  This will enable the router to prompt for a username and password when someone is trying to access http, the router will work s a proxy server in this case:

    aaa new-model

    aaa group server radius AAAPROXY

    server 192.168.1.10

    aaa authentication login default local group AAAPROXY none

    aaa authorization exec default group AAAPROXY none

    aaa authorization auth-proxy default group AAAPROXY

    ip auth-proxy auth-proxy-banner

    ip auth-proxy auth-cache-time 10

    ip auth-proxy name aaa_list http

    interface Ethernet0/0

    ip address 192.168.1.1 255.255.255.0

    ip auth-proxy aaa_list !

     

    radius-server host 192.168.1.10 auth-port 1645 acct-port 1646

    radius-server key cisco

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • Correct Answers - 5 points
  • Helpful Answers - 3 points