
Create Exception for Webproxy Authentication

Hello,

I need to create an authentication exception in XG for the webproxy. There is one internet rule that applies a webpolicy, and this rule requires authentication. Additionally, users are also configured in the webpolicies. The webproxy is configured within the internet settings on the clients. In UTM this is possible by creating a Webproxy Exception. Nothing more needs to be done. In XG, when all Exceptions are selected, there is still an authentication site displayed. Is it necessary to create a separate firewall for that? Or how can this be achieved?

Thank you.



This thread was automatically locked due to age.
  • Hello,

    Thank you for reaching out to the community. May we know which websites you are adding into the web > exception? Can you share the site's URL and a screenshot of the exception you have created?
    Bypass the web proxy in transparent mode: https://support.sophos.com/support/s/article/KB-000037190?language=en_US
    Example of web exceptions for Office 365: https://support.sophos.com/support/s/article/KB-000038173?language=en_US

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Global Support & Services 

    Log a Support Case | Sophos Service Guide
    Best Practices – Support Case


    Sophos Community | Product Documentation | Sophos Techvids | SMS
    If a post solves your question please use the 'Verify Answer' button.

  • Hello Vivek,

    I've looked into the first link. This doesn't apply, because it's describing how to bypass the transparent proxy and, furthermore, it does not especially clarify the question of how someone could avoid authentication for a specific website.

    In other words: I want to use classic proxy functionality, but I also want authentication disabled for certain websites, because applications may not support authentication (or cannot show an authentication popup).

    Basically it looks like this, but it applies to any destination you can imagine.

    I also took a look here, and that actually sounds interesting:

    docs.sophos.com/.../index.html

    I also tried disabling "use web authentication for unknown users" but then, no authentication at all will happen anymore. From the admin-help I understand, that authentication should happen based on the webpolicy settings, if I set "use web authentication for unknown users" to off. Is that right?

    Maybe I should have it set to off, to have my requirements met. But the missing point is then, that authentication is not happening anymore and user has not the rights, he should have.

  • Hey,

    Thank you for the quick information. Try using the following URL pattern matches:
    ^([A-Za-z0-9.-]*\.)?web\.de/
    ^([A-Za-z0-9.-]*\.)?web\.de/consent-management/
    =================================================
    The site falls under the category of Portal sites > so ensure under the web policy used it does not conflict in the web policy rules.

    And are you using web base authentication, i.e., captive portal?
    Then leave the "Match known users." & "Use web authentication for unknown users" option enabled with mentioned users or groups.

    Also ensure a plain FW rule is created with only DNS service allowed without any "Match known users." & "Use web authentication for unknown users" option enabled or any web, application or IPS policy applied - keep that to none.

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Global Support & Services 

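An added example, not part of the thread: a quick offline check of how far the two suggested URL patterns reach before they are used to skip authentication. It assumes the exception is matched against host and path with the scheme removed and that Python's `re` behaves like the firewall's regex engine for these patterns; the sample URLs are constructed and the function names are hypothetical.

```python
import re

# URL patterns quoted in the reply above.
PATTERNS = [
    r"^([A-Za-z0-9.-]*\.)?web\.de/",
    r"^([A-Za-z0-9.-]*\.)?web\.de/consent-management/",
]

# Constructed sample URLs: intended hosts plus look-alikes that must not match.
SAMPLES = [
    "web.de/",
    "www.web.de/consent-management/",
    "img.ui-portal.web.de/logo.png",
    "notweb.de/",
    "web.de.example.net/",
    "example.net/?next=web.de/",
]

def strip_scheme(url):
    """Assumption: the pattern is applied to host/path without 'http(s)://'."""
    return re.sub(r"^[a-z][a-z0-9+.-]*://", "", url, flags=re.I)

def matches(url, patterns=PATTERNS):
    """Indexes of the patterns that match this URL."""
    target = strip_scheme(url)
    return [i for i, p in enumerate(patterns) if re.search(p, target)]

def overbroad(samples=SAMPLES, domain="web.de"):
    """Samples that match a pattern although the host is outside the domain."""
    hits = []
    for url in samples:
        host = strip_scheme(url).split("/", 1)[0].lower()
        in_scope = host == domain or host.endswith("." + domain)
        if matches(url) and not in_scope:
            hits.append(url)
    return hits

def redundant(patterns=PATTERNS, samples=SAMPLES):
    """Patterns whose matches on the samples are all covered by another pattern."""
    covered = [{u for u in samples if i in matches(u, patterns)}
               for i in range(len(patterns))]
    return [j for j, cj in enumerate(covered)
            if any(i != j and cj <= ci and (cj != ci or i < j)
                   for i, ci in enumerate(covered))]

if __name__ == "__main__":
    for url in SAMPLES:
        print(f"{url:35} matched by patterns {matches(url)}")
    print("over-broad matches:", overbroad())
    print("redundant pattern indexes:", redundant())
```

On these samples the second pattern only matches URLs the first already covers, and neither pattern matches the look-alike hosts.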

  • Hi,

    Thanks for your quick reply. I also tried those regex patterns; it doesn't change anything.

    The site falls under the category of Portal sites > so ensure under the web policy used it does not conflict in the web policy rules

    -->What do you mean by that? If I create an exception, this should overwrite all other policy settings, right?

    And are you using web base authentication i.e., captive portal ? 
    Then leave the  "Match known users." & "Use web authentication for unknown users" option enabled with mentioned users or groups.

    --> Yes, the Web authentication is being used and works fine.

    But the main question is still unanswered: how can a certain website be exempted from authentication? In UTM this could be easily done by creating an exception. For this website the firewall then was not requesting authentication. This was necessary for applications that did not support authentication.

    Is there a solution?

    Thanks.

  • Hey,
    Yup, that should override.

    Now regarding skipping an authentication: You can create a FQDN base rule on the top [above all the rules.]

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Global Support & Services 
