Guest Policies Parent topic

IWSVA supports the use of guest policies to allow users who log in to the network, but are not found in the LDAP, to still fall under the aegis of IWSVA scanning and content policy.
Guest policies are available for HTTPS decryption, Advanced Threat Protection ,HTTP Inspection, Data Loss Prevention, Applets and ActiveX security, and URL Filtering.
For example, say a guest user logs in using credentials from a part of the corporate network that is not covered by the local LDAP server for example, someone from the German office logging in locally to the US office.
The following rules and conditions apply:
  • IWSVA needs to be configured for User/group name authentication (LDAP) in the Administration > IWSVA Configuration > User Identification | User Identification tab.
  • Enable guest account must be selected in the Administration > IWSVA Configuration > User Identification | User Identification page, and enable Captive Portal.
  • Guest policies always take the highest priority for guest user—if a guest is also included in any policy other than the guest policy, the guest policy will apply to the guest.