How to Bypass Authentication for Specific Client IP Addresses?

Question

How do you bypass authentication for specific client IP addresses?

Environment: Cisco Web Security Appliance (WSA), all AsyncOS versions.

Certain client applications will not work properly in an environment where a web proxy requires authentication. For this reason, specific client IP addresses may be identified by the WSA and can be configured to bypass authentication.

In order to exempt authentication for certain client IP addresses, create an identity based on a specific IP address/addresses and ensure that the Identity is at the top of the order. Optionally, create an access policy based on this Identity to control which web sites/catgeories the clients can access.

1. Create a new Identity from GUI -> Web Security Manager-> Identities.
   
   
2. Under Define Members by Subnet, specify individual client IP addresses or subnets.
   
   
3. Under Define Members by Authentication, select No Authentication.
   
   
4. Save the Identity and place it towards the top of the Identities list.
   
   
5. Optional: Under Web Security Manager > Access Policies create a new access policy and under the Identities section specify the above Identity.