Configuring Cisco WSA Security Policy with AD Authentication

Configuring Global Security Settings

Network → Authentication

Edit Global Settings

Change default settings according to your preference.

The “Redirect Hostname” must match the DNS name of the LAN/Data interface.

The default time for remembering a client is 3600 seconds (one hour); I am changing mine to 1800 seconds.

Joining WSA to AD

Add Realm

Create Computer Object in AD with the WSA Hostname

Enter desired Name

Choose between LDAP and NTLM

Specify the AD servers' IP addresses

Enter the AD domain and click on Join Domain…

Enter an AD username/password with the privilege to add a computer to AD and click on “Create Account”

The below message is a confirmation that it was completed successfully.

Click on Test to verify configuration.

Configuring Identities

Web Security Manager → Identities

Set your default authentication policy to what you want to happen if all else fails.

Edit the Global Identity Policy settings.

Change Authentication option to “Require authentication”

Select All Realms or the newly created realm above.

Click on Submit

Commit changes

Adding a New Identity

Create custom URL Categories

Web Security Manager → Custom URL Category

Click on Add Custom URL Category

Adding Access Policies

Web Security Manager → Access Policies

Edit the global URL Filtering settings to block or permit categories

To add a new policy, click on Add Policy