For security reasons you blocked all the traffic to all users. But some of the users in your network need to access remote applications. Using SafeSquid you can allow specific users in your network to access remote applications.
How it works?
When user trying to access remote application, First SafeSquid checks for that user and decide whether this user is allowed to access remote application or not, if yes then SafeSquid gives access to that user, before giving the access it will check for user-agent. If the access allowed to both users and application, then only user can able to access that application. If the user Samidha wants access of xyz application, but she is trying to access abc application, SafeSquid will block to user Samidha.
Note: Remote applications like Any desk and Ammy admin does not supporting SSO authentication.If SSO authentication is enabled you have to bypass it.
Remote applications like Remote desktop application, Download managers, etc. (Anydesk and Teamviewer) should get automatically block if HTTPS inspection is enabled. No need to configure any policy for blocking purpose.
Go to configure page
Go to Real time content security: HTTPS Inspection
Go to Restriction Policies
Configuration on anydesk
Set proxy on anydesk application
If authentication is enabled you have to specify Username and Password on any desk application.
Anydesk should not take auto proxy settings: If you set proxy in IE browser or chrome browser and you select "Try to detect the proxy server" option on anydesk, it should not take proxy automatically. You must have to configure proxy on anydesk application.
Any desk and ammy admin is not supporting SSO authentication.If SSO authentication is enabled you have to bypass it.
How to create policy without Application Signature
Remote applications are already categorized in the SafeSquid Application Signatures. First you need to check whether the Application is categorized or not
If application is not categorized under default Application Signatures, find User-agent using SafeSquid's extended logs or any other traffic capturing tool.
Add that User-agent or websites into Request Types
Bind that created user group and Request Type in Access Profiles and decide whether to block or allow