RADIUS Server Attributes for Secure Firewall Threat Defense
The threat defense device supports applying user authorization attributes (also called user entitlements or permissions) to VPN connections from the external RADIUS servers that are configured for authentication and/or authorization in the remote access VPN policy.

Note: Secure Firewall Threat Defense devices support attributes with vendor ID 3076.

The following user authorization attributes are sent to the threat defense device from the RADIUS server.

- RADIUS attributes 146 and 150 are sent from threat defense devices to the RADIUS server for authentication and authorization requests.
- All three attributes (146, 150, and 151) are sent from threat defense devices to the RADIUS server for accounting start, interim-update, and stop requests.

Attribute | Attribute Number | Syntax, Type | Single or Multi-valued | Description or Value
---|---|---|---|---
Connection Profile Name or Tunnel Group Name | 146 | String | Single | 1-253 characters
Client Type | 150 | Integer | Single | 2 = Secure Client SSL VPN; 6 = Secure Client IPsec VPN (IKEv2)
Session Type | 151 | Integer | Single | 1 = Secure Client SSL VPN; 2 = Secure Client IPsec VPN (IKEv2)

Attribute Name | Threat Defense | Attr. No. | Syntax/Type | Single or Multi-Valued | Description or Value
---|---|---|---|---|---
Access-Hours | Y | 1 | String | Single | Name of the time range, for example, Business-hours
Access-List-Inbound | Y | 86 | String | Single | Both of the Access-List attributes take the name of an ACL that is configured on the threat defense device. Create these ACLs using the Smart CLI Extended Access List object type (select Device > Advanced Configuration > Smart CLI > Objects). These ACLs control traffic flow in the inbound (traffic entering the threat defense device) or outbound (traffic leaving the threat defense device) direction.
Access-List-Outbound | Y | 87 | String | Single | See Access-List-Inbound.
Address-Pools | Y | 217 | String | Single | The name of a network object defined on the threat defense device that identifies a subnet, which will be used as the address pool for clients connecting to the remote access VPN. Define the network object on the Objects page and then associate the network object with a group policy or a connection profile.
Allow-Network-Extension-Mode | Y | 64 | Boolean | Single | 0 = Disabled; 1 = Enabled
Authenticated-User-Idle-Timeout | Y | 50 | Integer | Single | 1-35791394 minutes
Authorization-DN-Field | Y | 67 | String | Single | Possible values: UID, OU, O, CN, L, SP, C, EA, T, N, GN, SN, I, GENQ, DNQ, SER, use-entire-name
Authorization-Required | | 66 | Integer | Single | 0 = No; 1 = Yes
Authorization-Type | Y | 65 | Integer | Single | 0 = None; 1 = RADIUS; 2 = LDAP
Banner1 | Y | 15 | String | Single | Banner string to display for Cisco VPN remote access sessions: IPsec IKEv1, Secure Client SSL-TLS/DTLS/IKEv2, and Clientless SSL
Banner2 | Y | 36 | String | Single | Banner string to display for Cisco VPN remote access sessions: IPsec IKEv1, Secure Client SSL-TLS/DTLS/IKEv2, and Clientless SSL. The Banner2 string is concatenated to the Banner1 string, if configured.
Cisco-IP-Phone-Bypass | Y | 51 | Integer | Single | 0 = Disabled; 1 = Enabled
Cisco-LEAP-Bypass | Y | 75 | Integer | Single | 0 = Disabled; 1 = Enabled
Client Type | Y | 150 | Integer | Single | 1 = Cisco VPN Client (IKEv1); 2 = Secure Client SSL VPN; 3 = Clientless SSL VPN; 4 = Cut-Through-Proxy; 5 = L2TP/IPsec SSL VPN; 6 = Secure Client IPsec VPN (IKEv2)
Client-Type-Version-Limiting | Y | 77 | String | Single | IPsec VPN version number string
DHCP-Network-Scope | Y | 61 | String | Single | IP Address
Extended-Authentication-On-Rekey | Y | 122 | Integer | Single | 0 = Disabled; 1 = Enabled
Framed-Interface-Id | Y | 96 | String | Single | Assigned IPv6 interface ID. Combines with Framed-IPv6-Prefix to create a complete assigned IPv6 address. For example: Framed-Interface-ID=1:1:1:1 combined with Framed-IPv6-Prefix=2001:0db8::/64 gives the assigned IP address 2001:0db8::1:1:1:1.
Framed-IPv6-Prefix | Y | 97 | String | Single | Assigned IPv6 prefix and length. Combines with Framed-Interface-Id to create a complete assigned IPv6 address. For example: prefix 2001:0db8::/64 combined with Framed-Interface-Id=1:1:1:1 gives the IP address 2001:0db8::1:1:1:1. You can use this attribute to assign an IP address without using Framed-Interface-Id, by assigning the full IPv6 address with prefix length /128, for example, Framed-IPv6-Prefix=2001:0db8::1/128.
Group-Policy | Y | 25 | String | Single | Sets the group policy for the remote access VPN session. You can use one of the following formats:
IE-Proxy-Bypass-Local | | 83 | Integer | Single | 0 = None; 1 = Local
IE-Proxy-Exception-List | | 82 | String | Single | New line (`\n`) separated list of DNS domains
IE-Proxy-PAC-URL | Y | 133 | String | Single | PAC address string
IE-Proxy-Server | | 80 | String | Single | IP address
IE-Proxy-Server-Policy | | 81 | Integer | Single | 1 = No Modify; 2 = No Proxy; 3 = Auto detect; 4 = Use Concentrator Setting
IKE-KeepAlive-Confidence-Interval | Y | 68 | Integer | Single | 10-300 seconds
IKE-Keepalive-Retry-Interval | Y | 84 | Integer | Single | 2-10 seconds
IKE-Keep-Alives | Y | 41 | Boolean | Single | 0 = Disabled; 1 = Enabled
Intercept-DHCP-Configure-Msg | Y | 62 | Boolean | Single | 0 = Disabled; 1 = Enabled
IPsec-Allow-Passwd-Store | Y | 16 | Boolean | Single | 0 = Disabled; 1 = Enabled
IPsec-Authentication | | 13 | Integer | Single | 0 = None; 1 = RADIUS; 2 = LDAP (authorization only); 3 = NT Domain; 4 = SDI; 5 = Internal; 6 = RADIUS with Expiry; 7 = Kerberos/Active Directory
IPsec-Auth-On-Rekey | Y | 42 | Boolean | Single | 0 = Disabled; 1 = Enabled
IPsec-Backup-Server-List | Y | 60 | String | Single | Server Addresses (space delimited)
IPsec-Backup-Servers | Y | 59 | String | Single | 1 = Use Client-Configured list; 2 = Disable and clear client list; 3 = Use Backup Server list
IPsec-Client-Firewall-Filter-Name | | 57 | String | Single | Specifies the name of the filter to be pushed to the client as firewall policy
IPsec-Client-Firewall-Filter-Optional | Y | 58 | Integer | Single | 0 = Required; 1 = Optional
IPsec-Default-Domain | Y | 28 | String | Single | Specifies the single default domain name to send to the client (1-255 characters).
IPsec-IKE-Peer-ID-Check | Y | 40 | Integer | Single | 1 = Required; 2 = If supported by peer certificate; 3 = Do not check
IPsec-IP-Compression | Y | 39 | Integer | Single | 0 = Disabled; 1 = Enabled
IPsec-Mode-Config | Y | 31 | Boolean | Single | 0 = Disabled; 1 = Enabled
IPsec-Over-UDP | Y | 34 | Boolean | Single | 0 = Disabled; 1 = Enabled
IPsec-Over-UDP-Port | Y | 35 | Integer | Single | 4001-49151. The default is 10000.
IPsec-Required-Client-Firewall-Capability | Y | 56 | Integer | Single | 0 = None; 1 = Policy defined by remote FW Are-You-There (AYT); 2 = Policy pushed CPP; 4 = Policy from server
IPsec-Sec-Association | | 12 | String | Single | Name of the security association
IPsec-Split-DNS-Names | Y | 29 | String | Single | Specifies the list of secondary domain names to send to the client (1-255 characters).
IPsec-Split-Tunneling-Policy | Y | 55 | Integer | Single | 0 = No split tunneling; 1 = Split tunneling; 2 = Local LAN permitted
IPsec-Split-Tunnel-List | Y | 27 | String | Single | Specifies the name of the network or ACL that describes the split tunnel inclusion list.
IPsec-Tunnel-Type | Y | 30 | Integer | Single | 1 = LAN-to-LAN; 2 = Remote access
IPsec-User-Group-Lock | | 33 | Boolean | Single | 0 = Disabled; 1 = Enabled
IPv6-Address-Pools | Y | 218 | String | Single | Name of IP local pool-IPv6
IPv6-VPN-Filter | Y | 219 | String | Single | ACL value
L2TP-Encryption | | 21 | Integer | Single | Bitmap: 1 = Encryption required; 2 = 40 bits; 4 = 128 bits; 8 = Stateless-Req; 15 = 40/128-Encr/Stateless-Req
L2TP-MPPC-Compression | | 38 | Integer | Single | 0 = Disabled; 1 = Enabled
Member-Of | Y | 145 | String | Single | Comma-delimited string, for example: An administrative attribute that can be used in dynamic access policies. It does not set a group policy.
MS-Client-Subnet-Mask | Y | 63 | Boolean | Single | An IP address
NAC-Default-ACL | | 92 | String | | ACL
NAC-Enable | | 89 | Integer | Single | 0 = No; 1 = Yes
NAC-Revalidation-Timer | | 91 | Integer | Single | 300-86400 seconds
NAC-Settings | Y | 141 | String | Single | Name of the NAC policy
NAC-Status-Query-Timer | | 90 | Integer | Single | 30-1800 seconds
Perfect-Forward-Secrecy-Enable | Y | 88 | Boolean | Single | 0 = No; 1 = Yes
PPTP-Encryption | | 20 | Integer | Single | Bitmap: 1 = Encryption required; 2 = 40 bits; 4 = 128 bits; 8 = Stateless-Required; 15 = 40/128-Encr/Stateless-Req
PPTP-MPPC-Compression | | 37 | Integer | Single | 0 = Disabled; 1 = Enabled
Primary-DNS | Y | 5 | String | Single | An IP address
Primary-WINS | Y | 7 | String | Single | An IP address
Privilege-Level | Y | 220 | Integer | Single | An integer between 0 and 15.
Required-Client-Firewall-Vendor-Code | Y | 45 | Integer | Single | 1 = Cisco Systems (with Cisco Integrated Client); 2 = Zone Labs; 3 = NetworkICE; 4 = Sygate; 5 = Cisco Systems (with Cisco Intrusion Prevention Security Agent)
Required-Client-Firewall-Description | Y | 47 | String | Single | String
Required-Client-Firewall-Product-Code | Y | 46 | Integer | Single | Cisco Systems Products: 1 = Cisco Intrusion Prevention Security Agent or Cisco Integrated Client (CIC). Zone Labs Products: 1 = Zone Alarm; 2 = Zone AlarmPro; 3 = Zone Labs Integrity. NetworkICE Product: 1 = BlackIce Defender/Agent. Sygate Products: 1 = Personal Firewall; 2 = Personal Firewall Pro; 3 = Security Agent
Required-Individual-User-Auth | Y | 49 | Integer | Single | 0 = Disabled; 1 = Enabled
Require-HW-Client-Auth | Y | 48 | Boolean | Single | 0 = Disabled; 1 = Enabled
Secondary-DNS | Y | 6 | String | Single | An IP address
Secondary-WINS | Y | 8 | String | Single | An IP address
SEP-Card-Assignment | | 9 | Integer | Single | Not used
Session Subtype | Y | 152 | Integer | Single | 0 = None; 1 = Clientless; 2 = Client; 3 = Client Only. Session Subtype applies only when the Session Type (151) attribute has the following values: 1, 2, 3, and 4.
Session Type | Y | 151 | Integer | Single | 0 = None; 1 = Secure Client SSL VPN; 2 = Secure Client IPSec VPN (IKEv2); 3 = Clientless SSL VPN; 4 = Clientless Email Proxy; 5 = Cisco VPN Client (IKEv1); 6 = IKEv1 LAN-LAN; 7 = IKEv2 LAN-LAN; 8 = VPN Load Balancing
Simultaneous-Logins | Y | 2 | Integer | Single | 0-2147483647
Smart-Tunnel | Y | 136 | String | Single | Name of a Smart Tunnel
Smart-Tunnel-Auto | Y | 138 | Integer | Single | 0 = Disabled; 1 = Enabled; 2 = AutoStart
Smart-Tunnel-Auto-Signon-Enable | Y | 139 | String | Single | Name of a Smart Tunnel Auto Signon list appended by the domain name
Strip-Realm | Y | 135 | Boolean | Single | 0 = Disabled; 1 = Enabled
SVC-Ask | Y | 131 | String | Single | 0 = Disabled; 1 = Enabled; 3 = Enable default service; 5 = Enable default clientless (2 and 4 not used)
SVC-Ask-Timeout | Y | 132 | Integer | Single | 5-120 seconds
SVC-DPD-Interval-Client | Y | 108 | Integer | Single | 0 = Off; 5-3600 seconds
SVC-DPD-Interval-Gateway | Y | 109 | Integer | Single | 0 = Off; 5-3600 seconds
SVC-DTLS | Y | 123 | Integer | Single | 0 = False; 1 = True
SVC-Keepalive | Y | 107 | Integer | Single | 0 = Off; 15-600 seconds
SVC-Modules | Y | 127 | String | Single | String (name of a module)
SVC-MTU | Y | 125 | Integer | Single | MTU value 256-1406 in bytes
SVC-Profiles | Y | 128 | String | Single | String (name of a profile)
SVC-Rekey-Time | Y | 110 | Integer | Single | 0 = Disabled; 1-10080 minutes
Tunnel Group Name | Y | 146 | String | Single | 1-253 characters
Tunnel-Group-Lock | Y | 85 | String | Single | Name of the tunnel group or “none”
Tunneling-Protocols | Y | 11 | Integer | Single | 1 = PPTP; 2 = L2TP; 4 = IPSec (IKEv1); 8 = L2TP/IPSec; 16 = WebVPN; 32 = SVC; 64 = IPsec (IKEv2). 8 and 4 are mutually exclusive. 0-11, 16-27, 32-43, and 48-59 are legal values.
Use-Client-Address | | 17 | Boolean | Single | 0 = Disabled; 1 = Enabled
VLAN | Y | 140 | Integer | Single | 0-4094
WebVPN-Access-List | Y | 73 | String | Single | Access-List name
WebVPN ACL | Y | 73 | String | Single | Name of a WebVPN ACL on the device
WebVPN-ActiveX-Relay | Y | 137 | Integer | Single | 0 = Disabled; otherwise = Enabled
WebVPN-Apply-ACL | Y | 102 | Integer | Single | 0 = Disabled; 1 = Enabled
WebVPN-Auto-HTTP-Signon | Y | 124 | String | Single | Reserved
WebVPN-Citrix-Metaframe-Enable | Y | 101 | Integer | Single | 0 = Disabled; 1 = Enabled
WebVPN-Content-Filter-Parameters | Y | 69 | Integer | Single | 1 = Java ActiveX; 2 = Java Script; 4 = Image; 8 = Cookies in images
WebVPN-Customization | Y | 113 | String | Single | Name of the customization
WebVPN-Default-Homepage | Y | 76 | String | Single | A URL such as http://example-example.com
WebVPN-Deny-Message | Y | 116 | String | Single | Valid string (up to 500 characters)
WebVPN-Download_Max-Size | Y | 157 | Integer | Single | 0x7fffffff
WebVPN-File-Access-Enable | Y | 94 | Integer | Single | 0 = Disabled; 1 = Enabled
WebVPN-File-Server-Browsing-Enable | Y | 96 | Integer | Single | 0 = Disabled; 1 = Enabled
WebVPN-File-Server-Entry-Enable | Y | 95 | Integer | Single | 0 = Disabled; 1 = Enabled
WebVPN-Group-based-HTTP/HTTPS-Proxy-Exception-List | Y | 78 | String | Single | Comma-separated DNS/IP with an optional wildcard (`*`) (for example `*.cisco.com`, `192.168.1.*`, `wwwin.cisco.com`)
WebVPN-Hidden-Shares | Y | 126 | Integer | Single | 0 = None; 1 = Visible
WebVPN-Home-Page-Use-Smart-Tunnel | Y | 228 | Boolean | Single | Enabled if the clientless home page is to be rendered through Smart Tunnel.
WebVPN-HTML-Filter | Y | 69 | Bitmap | Single | 1 = Java ActiveX; 2 = Scripts; 4 = Image; 8 = Cookies
WebVPN-HTTP-Compression | Y | 120 | Integer | Single | 0 = Off; 1 = Deflate Compression
WebVPN-HTTP-Proxy-IP-Address | Y | 74 | String | Single | Comma-separated DNS/IP:port, with http= or https= prefix (for example `http=10.10.10.10:80`, `https=11.11.11.11:443`)
WebVPN-Idle-Timeout-Alert-Interval | Y | 148 | Integer | Single | 0-30. 0 = Disabled.
WebVPN-Keepalive-Ignore | Y | 121 | Integer | Single | 0-900
WebVPN-Macro-Substitution | Y | 223 | String | Single | Unbounded.
WebVPN-Macro-Substitution | Y | 224 | String | Single | Unbounded.
WebVPN-Port-Forwarding-Enable | Y | 97 | Integer | Single | 0 = Disabled; 1 = Enabled
WebVPN-Port-Forwarding-Exchange-Proxy-Enable | Y | 98 | Integer | Single | 0 = Disabled; 1 = Enabled
WebVPN-Port-Forwarding-HTTP-Proxy | Y | 99 | Integer | Single | 0 = Disabled; 1 = Enabled
WebVPN-Port-Forwarding-List | Y | 72 | String | Single | Port forwarding list name
WebVPN-Port-Forwarding-Name | Y | 79 | String | Single | String name (for example, “Corporate-Apps”). This text replaces the default string, “Application Access,” on the clientless portal home page.
WebVPN-Post-Max-Size | Y | 159 | Integer | Single | 0x7fffffff
WebVPN-Session-Timeout-Alert-Interval | Y | 149 | Integer | Single | 0-30. 0 = Disabled.
WebVPN Smart-Card-Removal-Disconnect | Y | 225 | Boolean | Single | 0 = Disabled; 1 = Enabled
WebVPN-Smart-Tunnel | Y | 136 | String | Single | Name of a Smart Tunnel
WebVPN-Smart-Tunnel-Auto-Sign-On | Y | 139 | String | Single | Name of a Smart Tunnel auto sign-on list appended by the domain name
WebVPN-Smart-Tunnel-Auto-Start | Y | 138 | Integer | Single | 0 = Disabled; 1 = Enabled; 2 = Auto Start
WebVPN-Smart-Tunnel-Tunnel-Policy | Y | 227 | String | Single | One of “e networkname,” “i networkname,” or “a,” where networkname is the name of a Smart Tunnel network list, e indicates the tunnel excluded, i indicates the tunnel specified, and a indicates all tunnels.
WebVPN-SSL-VPN-Client-Enable | Y | 103 | Integer | Single | 0 = Disabled; 1 = Enabled
WebVPN-SSL-VPN-Client-Keep-Installation | Y | 105 | Integer | Single | 0 = Disabled; 1 = Enabled
WebVPN-SSL-VPN-Client-Required | Y | 104 | Integer | Single | 0 = Disabled; 1 = Enabled
WebVPN-SSO-Server-Name | Y | 114 | String | Single | Valid string
WebVPN-Storage-Key | Y | 162 | String | Single |
WebVPN-Storage-Objects | Y | 161 | String | Single |
WebVPN-SVC-Keepalive-Frequency | Y | 107 | Integer | Single | 15-600 seconds; 0 = Off
WebVPN-SVC-Client-DPD-Frequency | Y | 108 | Integer | Single | 5-3600 seconds; 0 = Off
WebVPN-SVC-DTLS-Enable | Y | 123 | Integer | Single | 0 = Disabled; 1 = Enabled
WebVPN-SVC-DTLS-MTU | Y | 125 | Integer | Single | MTU value is from 256-1406 bytes.
WebVPN-SVC-Gateway-DPD-Frequency | Y | 109 | Integer | Single | 5-3600 seconds; 0 = Off
WebVPN-SVC-Rekey-Time | Y | 110 | Integer | Single | 4-10080 minutes; 0 = Off
WebVPN-SVC-Rekey-Method | Y | 111 | Integer | Single | 0 (Off), 1 (SSL), 2 (New Tunnel)
WebVPN-SVC-Compression | Y | 112 | Integer | Single | 0 (Off), 1 (Deflate Compression)
WebVPN-UNIX-Group-ID (GID) | Y | 222 | Integer | Single | Valid UNIX group IDs
WebVPN-UNIX-User-ID (UIDs) | Y | 221 | Integer | Single | Valid UNIX user IDs
WebVPN-Upload-Max-Size | Y | 158 | Integer | Single | 0x7fffffff
WebVPN-URL-Entry-Enable | Y | 93 | Integer | Single | 0 = Disabled; 1 = Enabled
WebVPN-URL-List | Y | 71 | String | Single | URL list name
WebVPN-User-Storage | Y | 160 | String | Single |
WebVPN-VDI | Y | 163 | String | Single | List of settings
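The note at the top of the page says these are Cisco vendor-specific attributes with vendor ID 3076, and two rows of the table state value rules that are easy to get wrong when you check what a RADIUS server actually returns: Tunneling-Protocols (11) lists which bitmap values are legal and which bits are mutually exclusive, and Framed-IPv6-Prefix (97) with Framed-Interface-Id (96) describes how the assigned IPv6 address is assembled, including the /128 shortcut. The Python below is an added example, not Cisco's code or anything shipped with the product. It assumes the VSAs are carried in the RFC 2865 Vendor-Specific (type 26) layout with a 4-byte vendor ID, one vendor sub-attribute per VSA, 4-byte big-endian integers and UTF-8 strings; the attribute dictionary is a hand-picked subset of the table, and the Access-Accept attribute list it decodes is constructed (the user name, group policy name and VLAN are made up).

```python
"""Decode Cisco (vendor ID 3076) RADIUS VSAs and apply two value rules from the
attribute table. Added example, not Cisco code; wire-layout assumptions are
stated in the comments."""
import ipaddress
import struct

CISCO_VENDOR_ID = 3076   # vendor ID from the note at the top of the page
VENDOR_SPECIFIC = 26     # RADIUS Vendor-Specific attribute type (RFC 2865)

# Hand-picked subset of the table: attribute number -> (name, syntax)
CISCO_VSA = {
    2: ("Simultaneous-Logins", "Integer"),
    11: ("Tunneling-Protocols", "Integer"),
    25: ("Group-Policy", "String"),
    85: ("Tunnel-Group-Lock", "String"),
    140: ("VLAN", "Integer"),
    217: ("Address-Pools", "String"),
}

# Tunneling-Protocols (11) bit values and legal ranges, as listed in the table
TUNNELING_PROTOCOL_BITS = {
    1: "PPTP", 2: "L2TP", 4: "IPSec (IKEv1)", 8: "L2TP/IPSec",
    16: "WebVPN", 32: "SVC", 64: "IPsec (IKEv2)",
}
TUNNELING_PROTOCOLS_LEGAL_RANGES = ((0, 11), (16, 27), (32, 43), (48, 59))


def encode_vsa(attr_no, value):
    """Build one Cisco VSA: type 26, length, vendor ID, vendor type, vendor length, value.
    Assumption: integers are 4-byte big-endian, strings are UTF-8."""
    payload = struct.pack("!I", value) if isinstance(value, int) else value.encode("utf-8")
    if not 1 <= len(payload) <= 247:      # 255-byte attribute limit minus 8 header bytes
        raise ValueError("VSA value length out of range")
    vendor_part = struct.pack("!IBB", CISCO_VENDOR_ID, attr_no, 2 + len(payload)) + payload
    return struct.pack("!BB", VENDOR_SPECIFIC, 2 + len(vendor_part)) + vendor_part


def decode_cisco_vsas(attrs):
    """Walk a RADIUS attribute list and return [(attr_no, name, value)] for each
    Cisco VSA (one vendor sub-attribute per VSA is assumed). Standard attributes
    and other vendors' VSAs are skipped; inconsistent lengths raise ValueError."""
    found, pos = [], 0
    while pos < len(attrs):
        if pos + 2 > len(attrs):
            raise ValueError("truncated attribute header")
        atype, alen = attrs[pos], attrs[pos + 1]
        if alen < 2 or pos + alen > len(attrs):
            raise ValueError("bad attribute length")
        body = attrs[pos + 2:pos + alen]
        pos += alen
        if atype != VENDOR_SPECIFIC or len(body) < 6:
            continue
        vendor_id, vtype, vlen = struct.unpack("!IBB", body[:6])
        if vendor_id != CISCO_VENDOR_ID:
            continue
        if vlen != len(body) - 4:
            raise ValueError("vendor length does not match attribute length")
        raw = body[6:]
        name, syntax = CISCO_VSA.get(vtype, ("Unknown-%d" % vtype, "String"))
        if syntax == "Integer":
            if len(raw) != 4:
                raise ValueError("integer attribute %d is not 4 bytes" % vtype)
            found.append((vtype, name, struct.unpack("!I", raw)[0]))
        else:
            found.append((vtype, name, raw.decode("utf-8", errors="replace")))
    return found


def tunneling_protocols_is_legal(value):
    """Rules from the Tunneling-Protocols row: value must fall in 0-11, 16-27,
    32-43 or 48-59, and bits 4 (IPSec IKEv1) and 8 (L2TP/IPSec) may not be combined."""
    in_range = any(lo <= value <= hi for lo, hi in TUNNELING_PROTOCOLS_LEGAL_RANGES)
    return in_range and (value & 12) != 12


def tunneling_protocols_names(value):
    """Expand a Tunneling-Protocols bitmap into the protocol names from the table."""
    return [name for bit, name in TUNNELING_PROTOCOL_BITS.items() if value & bit]


def assigned_ipv6(framed_ipv6_prefix, framed_interface_id=None):
    """Combine Framed-IPv6-Prefix (97) and Framed-Interface-Id (96) as the table
    describes: a /128 prefix is the complete address by itself; otherwise the
    four-hextet interface ID fills the low 64 bits of the prefix."""
    net = ipaddress.IPv6Network(framed_ipv6_prefix, strict=False)
    if net.prefixlen == 128:
        return str(net.network_address)
    if framed_interface_id is None:
        raise ValueError("Framed-Interface-Id is required unless the prefix is /128")
    if net.prefixlen > 64:
        raise ValueError("prefix longer than /64 leaves no room for a 64-bit interface ID")
    groups = framed_interface_id.split(":")
    if len(groups) != 4:
        raise ValueError("interface ID must be four 16-bit hex groups, e.g. 1:1:1:1")
    iid = 0
    for g in groups:
        n = int(g, 16)                    # raises ValueError on non-hex input
        if not 0 <= n <= 0xFFFF:
            raise ValueError("interface ID group out of range")
        iid = (iid << 16) | n
    return str(ipaddress.IPv6Address(int(net.network_address) | iid))


if __name__ == "__main__":
    # Constructed Access-Accept attribute list: a standard User-Name (type 1)
    # followed by three Cisco VSAs; the values are illustrative only.
    reply = (b"\x01\x07alice" + encode_vsa(25, "Sales-GP")
             + encode_vsa(11, 48) + encode_vsa(140, 100))   # 48 = 32 (SVC) + 16 (WebVPN)
    for attr_no, name, value in decode_cisco_vsas(reply):
        extra = ""
        if attr_no == 11:
            extra = "  legal=%s %s" % (tunneling_protocols_is_legal(value),
                                       tunneling_protocols_names(value))
        print("%s (%d) = %r%s" % (name, attr_no, value, extra))
    print(assigned_ipv6("2001:0db8::/64", "1:1:1:1"))   # 2001:db8::1:1:1:1
    print(assigned_ipv6("2001:0db8::1/128"))            # 2001:db8::1
```

Run it directly to see the decoded attributes and the two composed addresses. The legality check follows the table literally (the four listed ranges plus the rule that 4 and 8 are mutually exclusive); note that, as written, none of the listed ranges includes a value with the 64 (IKEv2) bit set, so such a value is reported as not legal by this check, which is worth keeping in mind when you compare a server's reply against the table.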

Attribute | Attribute Number | Syntax, Type | Single or Multi-valued | Description or Value
---|---|---|---|---
Address-Pools | 217 | String | Single | The name of a network object defined on the threat defense device that identifies a subnet, which will be used as the address pool for clients connecting to the remote access VPN. Define the network object on the Objects page.
Banner1 | 15 | String | Single | The banner to display when the user logs in.
Banner2 | 36 | String | Single | The second part of the banner to display when the user logs in. Banner2 is appended to Banner1.
Downloadable ACLs | Cisco-AV-Pair | merge-dacl {before-avpair \| after-avpair} | | Supported via Cisco-AV-Pair configuration.
Filter ACLs | 86, 87 | String | Single | Filter ACLs are referred to by ACL name in the RADIUS server. The ACL configuration must already be present on the threat defense device so that it can be used during RADIUS authorization. 86 = Access-List-Inbound; 87 = Access-List-Outbound
Group-Policy | 25 | String | Single | The group policy to use in the connection. You must create the group policy on the remote access VPN Group Policy page. You can use one of the following formats:
Simultaneous-Logins | 2 | Integer | Single | The number of separate simultaneous connections the user is allowed to establish, 0-2147483647.
VLAN | 140 | Integer | Single | The VLAN on which to confine the user's connection, 0-4094. You must also configure this VLAN on a subinterface on the threat defense device.
You must set the value of the IE-Proxy-Server-Method attribute returned from ISE to one of the following:

- IE_PROXY_METHOD_PACFILE: 8
- IE_PROXY_METHOD_PACFILE_AND_AUTODETECT: 11
- IE_PROXY_METHOD_PACFILE_AND_USE_SERVER: 12
- IE_PROXY_METHOD_PACFILE_AND_AUTODETECT_AND_USE_SERVER: 15

Threat Defense delivers a proxy setting only if one of the above values is used for the IE-Proxy-Server-Method attribute.