User Guide

136
IRONPORT ASYNCOS 6.3 FOR WEB USER GUIDE
Note — If an Identity allows guest access and there is no user defined policy group that uses
that Identity, users who fail authentication match the global policy for that policy type. For
example, if MyIdentity allows guest access and there is no user defined Access Policy that
uses MyIdentity, users who fail authentication match the global Access Policy. If you do not
want guest users to match a global policy, create a policy group above the global policy that
applies to guest users and blocks all access.
When the Web Proxy grants a user guest access, it identifies and logs the user as a guest in the
access logs. You can specify whether the Web Proxy identifies the user by IP address or user
name. In the access logs, reports, and end-user acknowledgement page, entries for guest users
have one of the following formats:
(unauthenticated)IP_address
(unauthenticated)username_entered
You can enable guest access for an Identity that uses any authentication protocol or scheme.
To grant guest access to a user:
1. Define an Identity group and enable the “Support Guest privileges for users failing
authentication” option.
2. Create an Access, Decryption, Routing, Data Security, or External DLP Policy and select
the Identity created in step 1.
3. In the Access, Decryption, Routing, Data Security, or External DLP Policy group
membership, select “Guests (users failing authentication)” for the Identity in step 1.