1 Reply. Latest reply: Apr 15, 2013 12:03 PM by steve_smith

    McAfee SaaS Web Security - How to Redirect from Network Edge




      I am trying to design my SaaS Implementation for a BYOD wireless network.  IP Address Authentication seems like the obvious implementation since its advantages state that it "Can be deployed at the edge of the network using routing".


      I have been unable to find a solution to accomplish this.  I am currently testing with Cisco Routers/ASA and Fortigate.  Has anyone successfully implemented this with either of those technologies, or does anyone have any other suggestions?  I am in the design phase, so I am open to using new hardware.  The issues with Cisco/Fortigate that I am currently running into are:


      Ideally I was hoping to use Policy Based Routing or some type of transparent proxy; however, I am finding that both Cisco's and Fortigate's preferred implementation would be with WCCP, which isn't supported by McAfee Web Security.  Cisco also has some URL Filtering options, but they seem specific to Websense/TrendMicro/N2H2/ScanSafe.


      Thank you for any help in this matter.

        • 1. Re: McAfee SaaS Web Security - How to Redirect from Network Edge

          Below are the commands to support Authentication Proxy on an ISR with RADIUS.  This will enable the router to prompt for a username and password when someone is trying to access HTTP; the router will work as a proxy server in this case:

          aaa new-model
          aaa group server radius AAAPROXY
          aaa authentication login default local group AAAPROXY none
          aaa authorization exec default group AAAPROXY none
          aaa authorization auth-proxy default group AAAPROXY
          ip auth-proxy auth-proxy-banner
          ip auth-proxy auth-cache-time 10
          ip auth-proxy name aaa_list http
          interface Ethernet0/0
           ip address
           ip auth-proxy aaa_list
          !
          radius-server host auth-port 1645 acct-port 1646
          radius-server key cisco
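
A review check for a configuration like the one in the reply, as an added example that is not part of the thread or of any Cisco or McAfee tooling. It flags AAA method lists that end in `none` (access is granted when every earlier method errors out, for example when the RADIUS server is unreachable), a guessable plaintext RADIUS key, and auth-proxy rules that are defined but never applied to an interface. The sample config, its 192.0.2.x addresses, the `guest_list` rule, the deny-list and the length threshold are all constructed assumptions.

```python
import re

# Constructed sample modelled on the reply's commands. The 192.0.2.x values are
# documentation-range placeholders, not addresses from the thread.
SAMPLE = """\
aaa new-model
aaa group server radius AAAPROXY
 server 192.0.2.10 auth-port 1645 acct-port 1646
aaa authentication login default local group AAAPROXY none
aaa authorization exec default group AAAPROXY none
aaa authorization auth-proxy default group AAAPROXY
ip auth-proxy auth-cache-time 10
ip auth-proxy name aaa_list http
ip auth-proxy name guest_list http
interface Ethernet0/0
 ip address 192.0.2.1 255.255.255.0
 ip auth-proxy aaa_list
radius-server host 192.0.2.10 auth-port 1645 acct-port 1646
radius-server key cisco
"""

WEAK_KEYS = {"cisco", "radius", "password", "secret"}  # assumed deny-list
MIN_KEY_LEN = 16  # assumed local policy, not a Cisco requirement


def audit(config):
    """Return sorted (check, detail) findings for an IOS auth-proxy config."""
    findings, rules, applied, in_iface = [], set(), set(), False
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if not raw[0].isspace():  # top-level command: track interface scope
            in_iface = line.startswith("interface ")
        # "none" as the last method grants access when every earlier method
        # errors out, for example when the RADIUS server is unreachable.
        if re.match(r"aaa (authentication|authorization) ", line) and line.endswith(" none"):
            findings.append(("aaa-fallback-none", line))
        if m := re.fullmatch(r"radius-server key (\S+)", line):  # plaintext key only
            if m[1].lower() in WEAK_KEYS or len(m[1]) < MIN_KEY_LEN:
                findings.append(("weak-radius-key", line))
        if m := re.fullmatch(r"ip auth-proxy name (\S+) .+", line):
            rules.add(m[1])
        if in_iface and (m := re.fullmatch(r"ip auth-proxy (\S+)", line)):
            applied.add(m[1])
    findings += [("rule-not-applied", r) for r in rules - applied]
    findings += [("rule-undefined", r) for r in applied - rules]
    return sorted(findings)
```

Calling `audit(SAMPLE)` returns one tuple per finding; interface scope is detected from the one-space indentation that `show running-config` output uses.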