Web filtering not picking up user

Question

Authentication logs show the user is authenticated correctly

However when browsing, the web filter doesn't pick up the user, so therefore doesn't apply the right policies

Any ideas where to look?

Karlos · Answer

Hi Stuart James , 
 
 On the firewall rule where you applied Web Filtering, did you select the checkbox for 'Match Known Users' and was this user specified there? 
 
 Thanks,

LuCar Toni · Answer

Is this a Server Protection Client? So there is Intercept X for server installed? Check if this server is in the Best Protection EAP.

LuCar Toni · Answer

SATC was removed due the issues within SATC. It does not work with Internet Explorer, it does not work with Chrome anymore. It will not work, if you have enhanced AV protection by several AVs installed etc. 
 https://bugs.chromium.org/p/chromium/issues/detail?id=930750 
 Therefore SATC was removed and put into EoL state. It got replaced by Server Protection (Intercept X for Server) and a new feature in V19.0 with the legacy proxy. 
 Using V18.5 and Intercept X will work like before in SATC. 
 Using V19.0 and new feature multihost is a new technology to implement a terminal server authentication. You need to have v19.0 for this but you do not need intercept x. https://docs.sophos.com/nsg/sophos-firewall/19.0/Help/en-us/webhelp/onlinehelp/AdministratorHelp/Authentication/HowToArticles/AuthenticationConfigurePerConnectionAuth/index.html#create-firewall-rules-for-multi-user-host-traffic

LuCar Toni · Answer

Actually it is? 
 So to recap: 
 You can do two different things to authenticate a terminal server: 
 You can use Intercept X for Server, which uses a component like SATC. So no changes in behavior there. 
 You can use no software on the server and resolve this with the explicit proxy + kerberos. This is the new feature of V19.0. See: https://docs.sophos.com/nsg/sophos-firewall/19.0/Help/en-us/webhelp/onlinehelp/AdministratorHelp/Authentication/HowToArticles/AuthenticationConfigurePerConnectionAuth/index.html#create-firewall-rules-for-multi-user-host-traffic You can use per-connection AD SSO authentication for multi-user hosts configured to use the Firewall as a direct proxy.

Web filtering not picking up user

Top Replies