User-based policies and Cisco integration

Applies to:
  • Forcepoint URL Filtering, v8.5.x

If HTTP, HTTPS, or FTP authentication is enabled on a Cisco security appliance, User Service must be installed in the same domain (Windows) or the same root context (LDAP) as the authenticated users, so that Filtering Service receives correct user information for accurate user-based policy enforcement.

Note: Cisco Secure ACS can provide user information for one domain only. To transparently identify users in multiple domains, use a transparent identification agent.

If user authentication is not enabled on the Cisco security appliance, manual authentication or transparent identification agents can be used to apply user-based policies. See the Administrator Help for information about configuring manual authentication, or configuring transparent identification agents.

If user authentication information is provided by a Cisco security appliance, it can only be used for HTTP(S) and FTP policy management by default.

To enable Internet protocol management, follow these steps:

  1. Log on to the machine on which Filtering Service is installed.
  2. Use the Windows Services tool or /opt/Websense/WebsenseDaemonControl command to stop Filtering Service.
  3. Navigate to the bin directory (C:\Program Files\Websense\Web Security\bin or /opt/Websense/bin) and open the eimserver.ini file in a text editor.
  4. Under [WebsenseServer], add the parameter CacheWISPUsers=on.
  5. Use the Windows Services tool or /opt/Websense/WebsenseDaemonControl command to restart Filtering Service.
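
The file edit in steps 3 and 4 can be scripted on a Linux installation so that it is repeatable and leaves a rollback copy. The following is an added example, not Forcepoint tooling; the function name set_cache_wisp_users is hypothetical, and it assumes Filtering Service has already been stopped as in step 2.

```shell
#!/bin/sh
# Added example (not part of the product): idempotently set CacheWISPUsers=on
# under [WebsenseServer] in eimserver.ini. Assumes Filtering Service is stopped.
# Usage: set_cache_wisp_users /opt/Websense/bin/eimserver.ini

# set_cache_wisp_users FILE  (hypothetical helper name)
# Returns 0 on success, 1 if the file or the [WebsenseServer] section is missing.
set_cache_wisp_users() {
    ini=$1
    [ -f "$ini" ] || { echo "not found: $ini" >&2; return 1; }
    grep -q '^\[WebsenseServer\]$' "$ini" || {
        echo "no [WebsenseServer] section in $ini" >&2
        return 1
    }

    # Keep the first pre-change copy for rollback; never overwrite it on re-runs.
    [ -f "$ini.bak" ] || cp -p "$ini" "$ini.bak" || return 1

    awk '
        # On every section header, note whether we are entering the target
        # section, and write the setting directly beneath its header.
        /^\[.*\]$/ {
            in_sec = ($0 == "[WebsenseServer]")
            print
            if (in_sec) print "CacheWISPUsers=on"
            next
        }
        # Drop any earlier CacheWISPUsers line in the target section only,
        # so the key appears exactly once whatever its previous value was.
        in_sec && /^[ \t]*CacheWISPUsers[ \t]*=/ { next }
        { print }
    ' "$ini" > "$ini.tmp" || return 1

    # Write back in place so the file keeps its owner and permissions.
    cat "$ini.tmp" > "$ini" && rm -f "$ini.tmp"
}
```

Compare the file with eimserver.ini.bak before restarting Filtering Service in step 5.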