[c-nsp] Cisco ScanSafe, aka Cisco Cloud Web Security

Eugeniu Patrascu eugen at imacandi.net
Fri Dec 6 10:39:40 EST 2013


Aha, so the client determines that "hey, you need to authenticate to this
portal first" and then is business as usual. This makes complete sense.

>From the discussion I was under the impression that there is no client
installed on the machine and you push browser proxy settings through GPO
and that's it, hence my dilemma.

Regads,
Eugeniu


On Fri, Dec 6, 2013 at 4:51 PM, Scott Voll <svoll.voip at gmail.com> wrote:

> Accept the terms of the captive portal, then all your connections go to
> CCWS after that.  The anyconnect client is smart enough to not push the
> traffic until it has a internet connection.  I guess unless you put it into
> a closed state.  we have it open so that when they are out of the office
> they can go through the portal, then be proxied.
>
> Hope I understood that correctly.
>
> Scott
>
>
>
> On Thu, Dec 5, 2013 at 11:14 PM, Eugeniu Patrascu <eugen at imacandi.net>wrote:
>
>> Hi,
>>
>> How do you handle captive portals in hotels and other venues where you
>> first have to login into the portal and then have Internet access ?
>>
>> This is my biggest woe right now in this regards with any kind of proxy
>> settings I can push to users.
>>
>> Thanks,
>> Eugeniu
>>
>>
>> On Thu, Dec 5, 2013 at 10:05 PM, Scott Voll <svoll.voip at gmail.com> wrote:
>>
>>> We currently use CCWS (previously ScanSafe) with the Anyconnect client.
>>>  Nice solution.  Whether your in the office or remoting from a Starbucks,
>>> the traffic is always proxied.  We went with the solution because of a
>>> couple reasons:
>>>
>>> 1. with multiple egress points on the corporate network, we didn't want
>>> to
>>> be down if we lost a proxy server.
>>>
>>> 2. corporate laptops whether in the office or at Starbucks would still be
>>> proxied.  This helps limit our virus and malware infections.  and
>>> provides
>>> HR reports.
>>>
>>> 3 split tunneling would be an option because the traffic doesn't have to
>>> come back to your internal proxy.
>>>
>>> 4. our remote home office bandwidth is very limited, so using the cloud
>>> it
>>> provided for better use of that bandwidth.
>>>
>>> all and all it's a good solution.  I'm not going to tell you that we have
>>> not had any issues, but with any new solution, there will be a couple
>>> bruises along the way.
>>>
>>> YMMV
>>>
>>> Scott
>>>
>>>
>>>
>>> On Wed, Dec 4, 2013 at 7:53 AM, Herro91 <herro91 at gmail.com> wrote:
>>>
>>> > Hi,
>>> >
>>> > I'm doing some research on the Cisco Cloud Web Security offering, also
>>> > known as ScanSafe.
>>> >
>>> > Has anyone on the lists explored Cisco's ScanSafe SaaS offering, now
>>> called
>>> > Cisco Cloud Web Security - as a means of providing protection in the
>>> cloud
>>> > that would potentially negate the requirement to have a full tunnel
>>> (i.e.
>>> > allow split tunneling) for teleworkers?
>>> >
>>> >
>>> > Thanks!
>>> >
>>> _______________________________________________
>>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>>
>>
>>
>


More information about the cisco-nsp mailing list