1 Reply Latest reply on Jul 23, 2013 3:17 AM by asabban

    Can I add second SSL Scanner and Cookie Authentication rulesets in MWG 7.2.0?

    karubum

      Hi,

       

      I am thinking of adding one more SSL Scanner and Cookie Authentication in MWG for one of my group users.

      Does it cause a problem in the system?

       

      Note: I need this to test whether my problem described at the link below will be solved:

       

      https://community.mcafee.com/thread/57086?tstart=30

       

      I have picked Facebook as a test page to improve my HTTPS blocking rule for Group X.

      I have removed the Facebook URLs and IP blocks from my SSL scanner list. Right now Group X cannot access https://facebook.com at all from a regular PC.

      But thin client users of Group X can still access https://facebook.com in the IE browser. I have checked in the Chrome and Mozilla browsers, and there https://facebook.com gets blocked successfully.

        • 1. Re: Can I add second SSL Scanner and Cookie Authentication rulesets in MWG 7.2.0?
          asabban

          Hello,

           

          You can simply add multiple instances of Cookie Authentication and/or SSL Scanner, but I recommend ensuring that for each request going through the policy you only call ONE of them. Since a user can be in multiple groups, this may cause problems, e.g.:

           

          Group "Domain Users":

            SSL Scanner #1

            Cookie Authentication #2

           

          Group "Administrators":

            SSL Scanner #2

            Cookie Authentication #2

           

          If I am now a member of "Domain Users" AND "Administrators", you will call both rule sets. Usually only one is applied, but this could lead to things (especially cookie auth) not working... so I would not recommend doing so.

           

          If you need this for testing, I would rather recommend using a criterion which is really unique, such as user name or client IP. If you need to stick with groups, make exceptions so that only ONE rule set can match at a time.

           

          Best,

          Andre
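
The check the reply recommends can be run offline before changing the policy. The following is an added example, not part of the original thread and not MWG rule syntax: it models rule sets as group criteria plus exceptions and lists every user for whom an SSL Scanner or Cookie Authentication kind would match zero or more than one instance. The tuple layout, instance numbering, user names and memberships are constructed assumptions.

```python
from collections import defaultdict

# Constructed policy model (not MWG syntax): each rule set is
# (kind, instance name, groups that trigger it, groups excepted from it).
RULE_SETS = [
    ("SSL Scanner", "SSL Scanner #1", {"Domain Users"}, set()),
    ("SSL Scanner", "SSL Scanner #2", {"Administrators"}, set()),
    ("Cookie Authentication", "Cookie Authentication #1", {"Domain Users"}, set()),
    ("Cookie Authentication", "Cookie Authentication #2", {"Administrators"}, set()),
]

# Same policy with an exception added: the "Domain Users" instances skip
# anyone who is also in "Administrators".
FIXED_RULE_SETS = [
    (kind, name, include, {"Administrators"} if "Domain Users" in include else exclude)
    for kind, name, include, exclude in RULE_SETS
]

# Constructed directory data: user -> group memberships.
USERS = {
    "alice": {"Domain Users"},
    "bob": {"Domain Users", "Administrators"},
}

def matching_rule_sets(user_groups, rule_sets):
    """Return {kind: [instance names]} for rule sets whose criteria match."""
    hits = defaultdict(list)
    for kind, name, include, exclude in rule_sets:
        if user_groups & include and not user_groups & exclude:
            hits[kind].append(name)
    return dict(hits)

def find_conflicts(users, rule_sets):
    """Return {user: {kind: [names]}} wherever a kind matches 0 or 2+ instances."""
    kinds = sorted({kind for kind, *_ in rule_sets})
    conflicts = {}
    for user, groups in users.items():
        hits = matching_rule_sets(groups, rule_sets)
        bad = {k: hits.get(k, []) for k in kinds if len(hits.get(k, [])) != 1}
        if bad:
            conflicts[user] = bad
    return conflicts

if __name__ == "__main__":
    print("before:", find_conflicts(USERS, RULE_SETS))
    print("after: ", find_conflicts(USERS, FIXED_RULE_SETS))
```

Reporting the zero-match case as well catches exceptions that are too broad and leave a user with no SSL scanning or authentication rule set at all.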