Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 12 replies
  • Answers 1 answer
  • Subscribers 5 subscribers
  • Views 7699 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Web Filtering - Device OS not recognized / device-specific authentication not working

Marc Schröder

Hello community,

i have a problem with my apple ios devices.

 

As standard we use basic authentication fed by ms active directory groups.

So users usually have to type username and password of their ad-accounts.

 

Now we would like to let our apple ios devices online without authentication because the network where they come from is already secure and the devices have certificates and so on.

 

I wanted to use device-specific authentication and added ios devices with no authentication to the global web filtering lower right part.

Nothing happens and the devices still get their pop-ups.

 

As i understand this function the UTM should be aware what kind of devices tries to establish the connection.

So the device under it´s ip should be seen in the logs as device="4" for iOS-Device.

 

While checking the logs i saw, that all devices are regarded to as device="0" (unknown).

 

Am i missing a function anywhere? Why isn´t the UTM not device aware?

 

Maybe you can help...

 

ThanX

 

Marc

 

PS:

 

SG550

9.510-5

 

 

 

     


This thread was automatically locked due to age.
Parents
  • 0

    I wonder if you may have found a bug.   Have you opened a support case yet?

    I have a small number of cell phones allowed on my network, so I parsed several days of log files to see if I could find them.   So far, I only see entries with device=0.  But I do not yet have a formal test with a specific phone on a known IP browsing a specific website.   I may pursue that in a few days.

    Are you getting a UA string that indicates the phone browser identity was captured?   I have not yet found one, so my results may still be meaningless.

    Running 9.506-2

  • 0 in reply to DouglasFoster

    Hi Douglas,

    "feels" like a bug :)

    DouglasFoster said:

     

    Are you getting a UA string that indicates the phone browser identity was captured?   I have not yet found one, so my results may still be meaningless.

    Running 9.506-2

     

    Provided a snippet of the log where you can see slightly some windows machines which provide correct os and browser information.

    The i-devices do the same. But they aren´t categorized.

    As i have read the instructions this should be the case all along... :-/

     

    Greez Marc

  • 0 in reply to Marc Schröder

    What version of iOS is this device running? Has it been upgraded to iOS 12 recently?

Reply Children
  • 0 in reply to RichBaldry

    Hello guys,

     

    i have the same issure with the UTM Version 9.506 and IOS 12.1

    How it is with the 9.510 or 9.6?

    Br McWolle

    Sophos Certified Engineer (SCE)
    Sophos Certified Architect (SCA)

  • 0 in reply to McWolle

    Does anyine know how devuce detection works?  I am guessing it parses the useragent text, but support level 1 did not know.

    Also, I established that device data is only captured when device-specific authentication is enabled, but you already have that set.

  • 0 in reply to DouglasFoster

    Device detection uses a combination of TCP packet signatures and other factors. User-agent is used as a secondary factor where TCP signatures do not provide enough information.

    TCP packet signatures have the advantage of being able to determine very quickly on every connection and work even on encrypted (SSL/TLS/HTTPS) traffic. But User-agent is only visible for HTTP traffic, not HTTPS. Where we are relying on secondary factors that cannot be evaluated on every flow, we rely more heavily on storing/caching device information on a per-IP basis, which can sometimes lead to incorrect assessments persisting.

    A major area where TCP signatures are not distinct enough is with recent versions of Apple's operating systems. User-agent is critical right now for distinguishing between iOS and MacOS.

  • 0 in reply to RichBaldry

    Thx, RichBaldry for the for the detailed explanation.
    So i activate for Macos and Ios to the same device-specific authentication ;-)

    Br McWolle

    Sophos Certified Engineer (SCE)
    Sophos Certified Architect (SCA)

Unfiltered HTML