Web Filtering Not Detecting Users


A few days ago I started a trial of SFOS 18.5 as a Hyper-V VM, specifically to trial the Web Filtering feature.

Our users log on to Server 2012R2 Remote Desktop Servers.

I've followed the guides on the website to add an AD server along with the groups I would like to use with Web Filtering.  I've created Web Filtering Policies and assigned the groups to them accordingly.

I then set up a firewall rule to allow web filtering.

My initial problem was that the proxy was intercepting the traffic, but was not filtering the user.  I could tell from the logs that it could see the correct user group.

After some Googling I came across this post and came to the conclusion that Web Filtering on RD Servers is not supported without the SATC client installed, but the SATC client is EOL. However, SFOS 19 uses direct proxy with AD SSO.

This morning I have upgraded to SFOS 19 and implemented the AD SSO thing per this guide.

When I try to browse the web via the web filter (Chrome), I immediately get the error "ERR_TUNNEL_CONNECTION_FAILED".

I've checked the XG log and get the following error message:

messageid="17945" log_type="Event" log_component="AD SSO" log_subtype="Authentication" status="Failed" user="" user_group="" client_used="" auth_mechanism="" reason="" src_ip="DC_IP_ADDRESS" message="Cannot establish NTLM authentication channel with MyDomainName" name="" src_mac=""

Text in red has been changed by me.

I've followed the instructions again and as far as I can tell I have done everything OK.  I can log into the XG with my Domain account.

Any ideas?

Many thanks
