User-based policies and Cisco integration

Integrating Web Security with Cisco > User-based policies and Cisco integration

Deployment and Installation Center | Web Security Solutions | Version 7.8.x

Applies to:

Web Filter and Web Security, v7.8.x

If http, https or ftp authentication is enabled on a Cisco security appliance, Websense User Service must be installed in the same domain (Windows), or the same root context (LDAP) as authenticated users in order to get correct user information to the Websense Filtering Service component for accurate user-based policy enforcement.


	Note Cisco Secure ACS can provide user information for one domain only. To transparently identify users in multiple domains, use a Websense transparent identification agent.

If user authentication is not enabled on the Cisco security appliance, manual authentication or transparent identification agents can be used to apply user-based policies. See the Web Security Help for information about configuring manual authentication, or configuring transparent identification agents.

If user authentication information is provided by a Cisco security appliance, it can only be used for HTTP(S) and FTP filtering by default.

To enable Internet protocol management, follow these steps:

Log on to the machine on which Filtering Service is installed.

Stop use the Windows Services dialog box or /opt/Websense/WebsenseDaemonControl command to stop Filtering Service.

Navigate to the Websense bin directory (C:\Program Files (x86)\Websense\Web Security\bin or /opt/Websense/bin) and open the eimserver.ini file in a text editor.

Under [WebsenseServer], add the parameter CacheWISPUsers=on.

Use the Windows Services dialog box or /opt/Websense/WebsenseDaemonControl command to restart Filtering Service.

Integrating Web Security with Cisco > User-based policies and Cisco integration