Web Filtering - Device OS not recognized / device-specific authentication not working

Hello community,

I have a problem with my Apple iOS devices.

As standard we use basic authentication fed by MS Active Directory groups.

So users usually have to type the username and password of their AD accounts.

Now we would like to let our Apple iOS devices go online without authentication because the network where they come from is already secure and the devices have certificates and so on.

I wanted to use device-specific authentication and added iOS devices with no authentication to the global web filtering lower right part.

Nothing happens and the devices still get their pop-ups.

As I understand this function, the UTM should be aware of what kind of device tries to establish the connection.

So the device under its IP should be seen in the logs as device="4" for iOS-Device.

While checking the logs I saw that all devices are regarded as device="0" (unknown).

Am I missing a function anywhere? Why isn't the UTM device aware?

Maybe you can help...

ThanX

Marc

PS:

SG550

9.510-5

     
  • Hi Marc,

    Did you try different web browsers to test if the log entries change? Alongside that, verify the http log lines for multiple machines to see whether the issue is global or related to a specific machine/OS. If that doesn't change the behaviour, restart the http proxy with the shell command: /var/mdw/scripts/httpproxy restart

    Thanks,

  • In reply to sachingurung:

    Hello Sachin,

    The problem is multi-OS wide with different browsers and apps. Every proxy-using device is "device="0"" (unknown). If we aren't missing another part which might be necessary, I will do as suggested and reboot the proxy by shell.

    As we run the UTM clustered and five locations with nearly 5000 people are involved, I will do this some night in a few days...

    Thanks for the answer for my request :)

    Greetings

    Marc

  • Hallo Marc and welcome to the UTM Community!

    Please show a picture of the Edit of the Profile for the iOS devices.

    Cheers - Bob

  • I wonder if you may have found a bug.   Have you opened a support case yet?

    I have a small number of cell phones allowed on my network, so I parsed several days of log files to see if I could find them.   So far, I only see entries with device=0.  But I do not yet have a formal test with a specific phone on a known IP browsing a specific website.   I may pursue that in a few days.

    Are you getting a UA string that indicates the phone browser identity was captured?   I have not yet found one, so my results may still be meaningless.

    Running 9.506-2
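The log check discussed in this thread (tallying `device=` values per client and comparing them with the captured UA string), as an added example that is not part of any participant's post. The log lines are constructed samples, and the field names `srcip` and `ua` are assumptions about the web proxy log layout; only `device=` is quoted in the thread.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines (not taken from the thread). Field names srcip and
# ua are assumptions; device="0"/device="4" are the values the thread mentions.
SAMPLE_LOG = """\
2018:10:02-09:14:01 utm httpproxy[5012]: name="http access" srcip="10.1.20.31" url="http://example.com/" device="0" ua="Mozilla/5.0 (iPhone; CPU iPhone OS 11_4 like Mac OS X) AppleWebKit/605.1.15"
2018:10:02-09:14:03 utm httpproxy[5012]: name="http access" srcip="10.1.20.31" url="http://example.com/a" device="0" ua="Mozilla/5.0 (iPhone; CPU iPhone OS 11_4 like Mac OS X) AppleWebKit/605.1.15"
2018:10:02-09:15:10 utm httpproxy[5012]: name="http access" srcip="10.1.20.44" url="http://example.org/" device="0" ua="Mozilla/5.0 (iPad; CPU OS 11_4 like Mac OS X) AppleWebKit/605.1.15"
2018:10:02-09:15:12 utm httpproxy[5012]: name="http access" srcip="10.1.30.7" url="http://example.net/" device="0" ua="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36"
2018:10:02-09:16:40 utm httpproxy[5012]: name="http access" srcip="10.1.20.52" url="http://example.com/" device="4" ua="Mozilla/5.0 (iPhone; CPU iPhone OS 11_4 like Mac OS X) AppleWebKit/605.1.15"
2018:10:02-09:17:00 utm httpproxy[5012]: name="proxy message without device field"
"""

PAIR = re.compile(r'(\w+)="([^"]*)"')                # key="value" pairs
IOS_UA = re.compile(r'\((?:iPhone|iPad|iPod)\b')     # platform token in the UA

def parse_line(line):
    """Return the key="value" fields of one log line as a dict."""
    return dict(PAIR.findall(line))

def device_report(lines):
    """Count device= values per source IP and list the IPs whose UA string
    says iOS while the proxy still logged device="0" (unknown)."""
    per_ip = defaultdict(Counter)
    unclassified_ios = set()
    for line in lines:
        fields = parse_line(line)
        if "srcip" not in fields or "device" not in fields:
            continue  # not an access line with device information
        per_ip[fields["srcip"]][fields["device"]] += 1
        if fields["device"] == "0" and IOS_UA.search(fields.get("ua", "")):
            unclassified_ios.add(fields["srcip"])
    return per_ip, sorted(unclassified_ios)

if __name__ == "__main__":
    per_ip, unclassified = device_report(SAMPLE_LOG.splitlines())
    for ip, counts in sorted(per_ip.items()):
        print(ip, dict(counts))
    print("iOS user agent but device=0:", unclassified)
```

Run against a real log export, a non-empty second list means the UA was captured but not used for classification, which is the symptom described in this thread.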

  • In reply to BAlfson:

    Hi Bob,

    thanks for the help!

    Actually it runs through our "basic" default profile.

    As I understood the manual, you have the option to configure device-specific auth via two methods: Web Filtering or Web Filtering Profiles.

    There isn't a specific Profile regarding the iOS devices because they originate from the same network.

    What makes me curious is the fact that no device or browser is recognized as device 1, 4, 3 or whatever.

    The log shows the right vendor and browser for the devices but doesn't use this information.

    Greetz Marc

  • In reply to DouglasFoster:

    Hi Douglas,

    "feels" like a bug :)

    DouglasFoster

     

    Are you getting a UA string that indicates the phone browser identity was captured?   I have not yet found one, so my results may still be meaningless.

    Running 9.506-2

     

    Provided a snippet of the log where you can see slightly some Windows machines which provide correct OS and browser information.

    The i-devices do the same. But they aren't categorized.

    As I have read the instructions, this should be the case all along... :-/

     

    Greez Marc

  • In reply to Marc Schröder:

    OK... now I provided...

  • In reply to Marc Schröder:

    What version of iOS is this device running? Has it been upgraded to iOS 12 recently?