Difference between revisions of "Allow anydesk"

From Secure Web Gateway
 
(One intermediate revision by the same user not shown)
Line 2: Line 2:
 
== Overview ==
 
== Overview ==
  
Remote applications like Anydesk and Teamviewer get access to internet if not blocked by firewall.
+
For security reasons you blocked all the traffic to all users. But some of the users in your network need to access remote applications. Using SafeSquid you can allow specific users in your network to access remote applications.
  
The system which is having internet without firewall, remote applications like Anydesk and Teamviewer should not blocked, because any desk first connect through default gateway IP address .
+
== <span class="mw-headline" id="How_it_works.3F">How it works?</span> ==
  
To block remote&nbsp;applications via SafeSquid&nbsp;proxy (Secure web gateway)&nbsp; first you should have to block&nbsp;it on the firewall.
+
When user trying to access remote application, First SafeSquid checks for that user and decide whether this user is allowed to access remote application or not, if yes then SafeSquid gives access to that user, before giving the access it will check for user-agent. If the access allowed to both users and application, then only user can able to access that application. If the user '''Samidha wants access''' of '''xyz '''application, but she is trying to access '''abc '''application, SafeSquid will block to user Samidha.
  
If you create a policy&nbsp;to block Anydesk in firewall then only&nbsp;any desk application tries to connect through proxy.
+
<u>'''Note:'''</u>&nbsp; Remote applications like Any desk and Ammy admin does&nbsp;not supporting SSO authentication.If SSO authentication is enabled you have to bypass it.
  
<u>'''Note:'''</u>&nbsp; Remote applications like Any desk and Ammy admin does&nbsp;not supporting SSO authentication.If SSO authentication is enabled you have to bypass it.
+
Remote applications like '''Remote desktop application, Download managers, etc.'''(Anydesk and Teamviewer ) should get automatically block if HTTPS inspection is enabled. No need to configure any policy for blocking purpose.
  
{| border="0" cellpadding="1" cellspacing="1" style="width: 100%;"
+
{| style="width: 100%" cellspacing="1" cellpadding="1" border="0"
 
|-
 
|-
| style="width: 944px;" |  
+
| style="width: 944px" |  
 
== [http://2017.swg.safesquid.com/wiki/Access_The_SafeSquid_User_Interface Access the SafeSquid interface] ==
 
== [http://2017.swg.safesquid.com/wiki/Access_The_SafeSquid_User_Interface Access the SafeSquid interface] ==
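Review bot: the rewritten Overview and "How it works?" text no longer states the prerequisite the old lines carried, namely that AnyDesk only tries the proxy once direct access is blocked on the firewall ("If you create a policy to block Anydesk in firewall then only any desk application tries to connect through proxy"). The new Overview says only "you blocked all the traffic to all users" without saying where. Suggest keeping one sentence that direct outbound access must be blocked at the firewall, since otherwise the per-user check described in the new "How it works?" paragraph is never reached. The Samidha sentence in that paragraph would also read more clearly if it said which application she is allowed and which one she requests.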
  
Line 23: Line 23:
 
== Go to Real time content security&nbsp;: HTTPS Inspection ==
 
== Go to Real time content security&nbsp;: HTTPS Inspection ==
  
| style="width: 320px;" | &nbsp;
+
| style="width: 320px" | &nbsp;
 
|-
 
|-
| style="width: 944px;" | [[File:Restrict anydeskSlide1 (1).PNG|border|center|Restrict anydeskSlide1 (1).PNG|link=]]
+
| style="width: 944px" | [[File:Restrict anydeskSlide1 (1).PNG|border|center|Restrict anydeskSlide1 (1).PNG|link=]]
| style="width: 320px;" | &nbsp;
+
| style="width: 320px" | &nbsp;
 
|-
 
|-
| style="width: 944px;" | [[File:Restrict anydeskSlide1 (2).PNG|border|center|Restrict anydeskSlide1 (2).PNG|link=]]
+
| style="width: 944px" | [[File:Restrict anydeskSlide1 (2).PNG|border|center|Restrict anydeskSlide1 (2).PNG|link=]]
| style="width: 320px;" | &nbsp;
+
| style="width: 320px" | &nbsp;
 
|-
 
|-
| style="width: 944px;" | [[File:Restrict anydeskSlide1 (3).PNG|border|center|Restrict anydeskSlide1 (3).PNG|link=]]
+
| style="width: 944px" | [[File:Restrict anydeskSlide1 (3).PNG|border|center|Restrict anydeskSlide1 (3).PNG|link=]]
| style="width: 320px;" | &nbsp;
+
| style="width: 320px" | &nbsp;
 
|-
 
|-
| style="width: 944px;" | [[File:Restrict anydeskSlide1 (4).PNG|border|center|Restrict anydeskSlide1 (4).PNG|link=]]
+
| style="width: 944px" | [[File:Restrict anydeskSlide1 (4).PNG|border|center|Restrict anydeskSlide1 (4).PNG|link=]]
| style="width: 320px;" | &nbsp;
+
| style="width: 320px" | &nbsp;
 
|-
 
|-
| style="width: 944px;" | [[File:Restrict anydeskSlide1 (5).PNG|border|center|Restrict anydeskSlide1 (5).PNG|link=]]  
+
| style="width: 944px" | [[File:Restrict anydeskSlide1 (5).PNG|border|center|Restrict anydeskSlide1 (5).PNG|link=]]  
 
&nbsp;
 
&nbsp;
  
 
== Go to Restriction Policies&nbsp;: Privacy control ==
 
== Go to Restriction Policies&nbsp;: Privacy control ==
  
| style="width: 320px;" | &nbsp;
+
| style="width: 320px" | &nbsp;
 
|-
 
|-
| style="width: 944px;" | [[File:Restrict anydeskSlide1 (6).PNG|border|center|Restrict anydeskSlide1 (6).PNG|link=]]
+
| style="width: 944px" | [[File:Restrict anydeskSlide1 (6).PNG|border|center|Restrict anydeskSlide1 (6).PNG|link=]]
| style="width: 320px;" | &nbsp;
+
| style="width: 320px" | &nbsp;
 
|-
 
|-
| style="width: 944px;" | [[File:Restrict anydeskSlide1 (7).PNG|border|center|Restrict anydeskSlide1 (7).PNG|link=]]
+
| style="width: 944px" | [[File:Restrict anydeskSlide1 (7).PNG|border|center|Restrict anydeskSlide1 (7).PNG|link=]]
| style="width: 320px;" | &nbsp;
+
| style="width: 320px" | &nbsp;
 
|-
 
|-
| style="width: 944px;" | [[File:Restrict anydeskSlide1 (8).PNG|border|center|Restrict anydeskSlide1 (8).PNG|link=]]
+
| style="width: 944px" | [[File:Restrict anydeskSlide1 (8).PNG|border|center|Restrict anydeskSlide1 (8).PNG|link=]]
| style="width: 320px;" | &nbsp;
+
| style="width: 320px" | &nbsp;
 
|-
 
|-
| style="width: 944px;" | [[File:AllowanydeskSlide1 (1).PNG|border|center|AllowanydeskSlide1 (1).PNG|link=]][[File:AllowanydeskSlide1 (2).PNG|border|center|AllowanydeskSlide1 (2).PNG|link=]]
+
| style="width: 944px" | [[File:AllowanydeskSlide1 (1).PNG|border|center|AllowanydeskSlide1 (1).PNG|link=]][[File:AllowanydeskSlide1 (2).PNG|border|center|AllowanydeskSlide1 (2).PNG|link=]]
| style="width: 320px;" | &nbsp;
+
| style="width: 320px" | &nbsp;
 
|-
 
|-
| style="width: 944px;" | [[File:AllowanydeskSlide1 (3).PNG|border|center|AllowanydeskSlide1 (3).PNG|link=]]
+
| style="width: 944px" | [[File:AllowanydeskSlide1 (3).PNG|border|center|AllowanydeskSlide1 (3).PNG|link=]]
| style="width: 320px;" | &nbsp;
+
| style="width: 320px" | &nbsp;
 
|-
 
|-
| style="width: 944px;" | &nbsp;
+
| style="width: 944px" | &nbsp;
| style="width: 320px;" | &nbsp;
+
| style="width: 320px" | &nbsp;
 
|-
 
|-
| style="width: 944px;" | [[File:Restrict anydeskSlide1 (12).PNG|border|center|Restrict anydeskSlide1 (12).PNG|link=]]
+
| style="width: 944px" | [[File:Restrict anydeskSlide1 (12).PNG|border|center|Restrict anydeskSlide1 (12).PNG|link=]]
| style="width: 320px;" | &nbsp;
+
| style="width: 320px" | &nbsp;
 
|}
 
|}
  
Line 69: Line 69:
  
 
*Set proxy on anydesk application  
 
*Set proxy on anydesk application  
*If authentication is enabled&nbsp; you have to specify Username and Password on any desk application.  
+
*If authentication is enabled you have to specify Username and Password on any desk application.  
 
*Anydesk should&nbsp;not take auto proxy settings&nbsp;:&nbsp;If you set proxy in IE browser or chrome browser and you select "Try to detect the proxy server" option on anydesk, it should not take proxy automatically. You must have to configure proxy on anydesk application.  
 
*Anydesk should&nbsp;not take auto proxy settings&nbsp;:&nbsp;If you set proxy in IE browser or chrome browser and you select "Try to detect the proxy server" option on anydesk, it should not take proxy automatically. You must have to configure proxy on anydesk application.  
 
*Any desk and ammy admin is not supporting SSO authentication.If SSO authentication is enabled you have to bypass it.  
 
*Any desk and ammy admin is not supporting SSO authentication.If SSO authentication is enabled you have to bypass it.  
  
&nbsp;
+
<u>How to create policy without Application Signature</u>
 +
 
 +
Remote applications are already categorized in the SafeSquid Application Signatures. First you need to check whether the Application is categorized or not&nbsp;
 +
 
 +
*If application is not categorized under default Application Signatures, find User-agent&nbsp;using SafeSquid's extended logs or any other traffic capturing tool.
 +
*Add that User-agent or websites into Request Types
 +
*Bind that created user group and Request Type in Access Profiles and decide whether to block or allow&nbsp;  
  
 
&nbsp;
 
&nbsp;
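Review bot: the added "How to create policy without Application Signature" title is marked up with <u>…</u>, while every other section title on this page uses == … ==; make it a == heading == so it is consistent with "Overview" and "How it works?". The last added bullet also binds "that created user group", but none of the added steps creates a user group; add that step or link to where the group is defined. The intro line ends with a trailing &nbsp; and no full stop.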

Latest revision as of 16:49, 7 June 2019

Overview

For security reasons, you have blocked all traffic for all users, but some of the users in your network need to access remote applications. Using SafeSquid, you can allow specific users in your network to access remote applications.

How it works?

When a user tries to access a remote application, SafeSquid first checks whether that user is allowed to access remote applications. If so, it then checks the User-Agent before giving access. The user can access the application only if access is allowed for both the user and the application. For example, if access is set up for the user Samidha to use application xyz, but she tries to access application abc, SafeSquid blocks the request.

Note: Remote applications like AnyDesk and Ammyy Admin do not support SSO authentication. If SSO authentication is enabled, you have to bypass it.

Applications such as remote desktop applications (AnyDesk and TeamViewer), download managers, etc. should be blocked automatically if HTTPS inspection is enabled. No policy needs to be configured to block them.

Access the SafeSquid interface

Go to configure page

[Screenshot: Restrict remote applicationsSlide1 (1).PNG]

Go to Real time content security : HTTPS Inspection

 
[Screenshots: Restrict anydeskSlide1 (1).PNG to Restrict anydeskSlide1 (5).PNG]

 

Go to Restriction Policies : Privacy control

 
[Screenshots: Restrict anydeskSlide1 (6).PNG to Restrict anydeskSlide1 (8).PNG, AllowanydeskSlide1 (1).PNG to AllowanydeskSlide1 (3).PNG, Restrict anydeskSlide1 (12).PNG]
 

Configuration on AnyDesk

  • Set the proxy in the AnyDesk application.
  • If authentication is enabled, you have to specify the username and password in the AnyDesk application.
  • AnyDesk should not take auto proxy settings: if you set a proxy in the IE or Chrome browser and select the "Try to detect the proxy server" option in AnyDesk, it should not pick up the proxy automatically. You must configure the proxy in the AnyDesk application itself.
  • AnyDesk and Ammyy Admin do not support SSO authentication. If SSO authentication is enabled, you have to bypass it.

How to create policy without Application Signature

Remote applications are already categorized in the SafeSquid Application Signatures. First, check whether the application is categorized or not.

  • If the application is not categorized under the default Application Signatures, find its User-Agent using SafeSquid's extended logs or any other traffic-capturing tool.
  • Add that User-Agent or the websites to Request Types.
  • Bind the created user group and Request Type in Access Profiles, and decide whether to block or allow.
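
The first step above, as an added example that is not SafeSquid's own code: it lists the User-Agents seen in proxy log lines that no existing signature covers, and falls back to destination hosts when a client sent no User-Agent. The log layout, user names, tool names and hosts are constructed for illustration; the real extended-log field order has to be substituted.

```python
import re
from collections import defaultdict

# Constructed sample lines in an ASSUMED layout (not SafeSquid's real
# extended-log format): ip user "METHOD target" status "user-agent"
SAMPLE_LOG = '''\
10.0.0.21 samidha "CONNECT relay-1.remote-tool.example:443" 403 "RemoteTool/5.1"
10.0.0.21 samidha "CONNECT relay-2.remote-tool.example:443" 403 "RemoteTool/5.1"
10.0.0.34 ravi "GET http://intranet.example/index.html" 200 "Mozilla/5.0 (Windows NT 10.0)"
10.0.0.40 meera "CONNECT boot.other-tool.example:443" 403 "-"
this line is malformed and must be skipped
'''

LINE_RE = re.compile(
    r'^(?P<ip>\S+) (?P<user>\S+) "(?P<method>[A-Z]+) (?P<target>\S+)" '
    r'(?P<status>\d{3}) "(?P<ua>[^"]*)"$'
)

def host_of(method, target):
    """Return the destination host for CONNECT (host:port) or an absolute URL."""
    if method == "CONNECT":
        return target.rsplit(":", 1)[0]
    m = re.match(r"^[a-z]+://([^/:]+)", target, re.I)
    return m.group(1) if m else target

def uncategorized_clients(log_text, known_ua_patterns):
    """Group requests whose User-Agent matches no known pattern, keyed by
    User-Agent, or by "(no user-agent)" when the client sent none (then only
    the destination hosts are available for matching)."""
    known = [re.compile(p, re.I) for p in known_ua_patterns]
    found = defaultdict(lambda: {"users": set(), "hosts": set(), "count": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed layout
        ua = m["ua"].strip()
        if ua in ("", "-"):
            ua = "(no user-agent)"
        elif any(p.search(ua) for p in known):
            continue  # already covered by an existing signature
        entry = found[ua]
        entry["users"].add(m["user"])
        entry["hosts"].add(host_of(m["method"], m["target"]))
        entry["count"] += 1
    return dict(found)

if __name__ == "__main__":
    for ua, info in uncategorized_clients(SAMPLE_LOG, [r"^Mozilla/"]).items():
        print(ua, info["count"], sorted(info["users"]), sorted(info["hosts"]))
```

Entries keyed by a User-Agent are candidates for a User-Agent based Request Type; the "(no user-agent)" entry can only be matched by its hosts, which is the "or websites" case in the second step.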