Information: Three minute survey on Exploring more ways to contact Sophos Technical Support. If you can spare the time, we would love your feedback!
We'd love to hear about it! Click here to go to the product suggestion community
I´d like to do authentication based on groups. My appliance is a WSA500.
I only want to allow internet access to users in the AD group ghttp.
Is that possible?
If yes, please tell me how.
There's several ways to achieve this goal, here is one way:
First, make sure you set up AD Authentication on your appliance:
- Sophos Web Appliance: requirements and best practices to setup authentication
- Configuring Active Directory Access
Then you can set up your default policy to block all
Lastly, you can set up an Additional Policy - specify AD group ghttp and allow the categories you would like for them to be able to access
In reply to Karlos:
I saw the points in the menus.
But one question is coming up everytime:
Why does everyone has access to the internet although I configured in the Group Policy default groups menu, that only specific groups are allowed to!?
But I have users which are not member of this group ghttp which are still allowed to access the internet....
Or is your suggestion to fix it with additional Policy my solution already?
Thanks in advance,
In reply to ChristianZittar:
Under Default Groups, make sure that your radio button is selected as you are trying to configure.
Under System Authentication, authentication failure, make sure that you Block access.
If it is still allowing access that it shouldn't, under the Recent Activity Search, is it showing the usernames or the IPs?
In reply to Michael Dunn:
thanks for the informations.
Under Default Groups I have selected the radio button, Only selectewd Entries
Under System Authentication is Block Access
Under Recent Activity Search I have the usernames.
Go to the Policy Test menu item. Enter in the destination and user name and test.
If the "Policy" that it hits is Default Policy, then you have a problem with Default Groups.
If the Policy is the name of one of your additional policies, you have a problem with that one, check the first tab.
Thank you!! I wanted to do the same something in my site: https://descargar-geometrydash.com/ and I could do it.
Now, I will try to replicate to other sites I am managing.