Allow anydesk

From Secure Web Gateway

Overview

For security reasons you blocked all the traffic to all users. But some of the users in your network need to access remote applications. Using SafeSquid you can allow specific users in your network to access remote applications.

How it works?

When user trying to access remote application, First SafeSquid checks for that user and decide whether this user is allowed to access remote application or not, if yes then SafeSquid gives access to that user, before giving the access it will check for user-agent. If the access allowed to both users and application, then only user can able to access that application. If the user Samidha wants access of xyz application, but she is trying to access abc application, SafeSquid will block to user Samidha.

Note:  Remote applications like Any desk and Ammy admin does not supporting SSO authentication.If SSO authentication is enabled you have to bypass it.

Remote applications like Remote desktop application, Download managers, etc.(Anydesk and Teamviewer ) should get automatically block if HTTPS inspection is enabled. No need to configure any policy for blocking purpose.

Access the SafeSquid interface

Go to configure page

Restrict remote applicationsSlide1 (1).PNG

Go to Real time content security : HTTPS Inspection

 
Restrict anydeskSlide1 (1).PNG
 
Restrict anydeskSlide1 (2).PNG
 
Restrict anydeskSlide1 (3).PNG
 
Restrict anydeskSlide1 (4).PNG
 
Restrict anydeskSlide1 (5).PNG

 

Go to Restriction Policies : Privacy control

 
Restrict anydeskSlide1 (6).PNG
 
Restrict anydeskSlide1 (7).PNG
 
Restrict anydeskSlide1 (8).PNG
 
AllowanydeskSlide1 (1).PNG
AllowanydeskSlide1 (2).PNG
 
AllowanydeskSlide1 (3).PNG
 
   
Restrict anydeskSlide1 (12).PNG
 

Configuration on anydesk

  • Set proxy on anydesk application
  • If authentication is enabled you have to specify Username and Password on any desk application.
  • Anydesk should not take auto proxy settings : If you set proxy in IE browser or chrome browser and you select "Try to detect the proxy server" option on anydesk, it should not take proxy automatically. You must have to configure proxy on anydesk application.
  • Any desk and ammy admin is not supporting SSO authentication.If SSO authentication is enabled you have to bypass it.

How to create policy without Application Signature

Remote applications are already categorized in the SafeSquid Application Signatures. First you need to check whether the Application is categorized or not 

  • If application is not categorized under default Application Signatures, find User-agent using SafeSquid's extended logs or any other traffic capturing tool.
  • Add that User-agent or websites into Request Types
  • Bind that created user group and Request Type in Access Profiles and decide whether to block or allow