After a year, I've decided to try Sophos XG again. Currently using UTM 9.5 - which has its issues, but works well.
I am trying to find out how to force all web requests through the proxy port.
Sadly, I'm not getting far with Sophos XG.
If I add a firewall rule allowing HTTP and HTTPS traffic, this works without having to go through the proxy port. This is not what I want, I want users to have to use the proxy on port 3128. From there, I can assign policies and rules, depending on which user group they are in. If they try and go through the firewall directly, I want their requests either blocked or (best case) a message explaining that they are not authenticated so they may not browse the web.
User authentication will be done by Active Directory SSO and I intend to set the proxy via a WPAD file.
This was really easy to do with UTM 9.5, but I'm constantly hitting brick walls with Sophos XG.
Here's what I've done so far...
- Joined XG firewall to domain. AD server appears in authentication > servers
- Imported desired AD groups into the XG firewall. These groups appear in authentication > groups
- Set NTLM authentication enabled on the LAN zone
- Configured my AD server as highest priority in firewall authentication methods
- Added a firewall rule allowing HTTP and HTTPS to a certain group
- Added a firewall rule (BOTTOM) denying all access without user identity
Have I missed anything? Can anybody help?
Thanks
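Since the post mentions pointing clients at the proxy with a WPAD file, here is an example of what that file (served as wpad.dat) could look like. This is an added illustration, not the poster's file or anything shipped by Sophos: the proxy hostname `xg-firewall.example.local` and the internal domain `example.local` are assumptions, and the only proxy port is 3128 as stated in the post. It deliberately returns a bare `PROXY` entry with no `; DIRECT` fallback, so a browser that cannot reach the proxy fails rather than silently bypassing it. Note that a PAC file only tells browsers where to send traffic; it does not stop a client that ignores it, which is why the bottom "deny without user identity" rule on the firewall is still needed.

```javascript
// wpad.dat (proxy auto-config). Plain JavaScript only, no PAC built-ins
// such as isInNet(), so the same file can be unit-tested in Node.
// Assumed names: xg-firewall.example.local (the XG proxy) and example.local
// (the internal AD domain). Adjust both before deploying.
var WEB_PROXY = "PROXY xg-firewall.example.local:3128";

// RFC 1918 ranges written as literal IPs in the URL: keep those internal.
var PRIVATE_IPV4 = /^(10\.|192\.168\.|172\.(1[6-9]|2[0-9]|3[01])\.)/;

function FindProxyForURL(url, host) {
  host = String(host).toLowerCase();

  // Loopback and single-label hostnames (e.g. "fileserver") stay direct.
  if (host === "localhost" || host === "127.0.0.1") return "DIRECT";
  if (host.indexOf(".") === -1) return "DIRECT";

  // Internal domain and private address literals stay direct.
  if (/\.example\.local$/.test(host)) return "DIRECT";
  if (PRIVATE_IPV4.test(host)) return "DIRECT";

  // Everything else (all external HTTP/HTTPS) must go via the XG proxy.
  // No "; DIRECT" fallback: the browser should fail, not bypass the proxy.
  return WEB_PROXY;
}
```

Deploy it as `http://wpad.<your-domain>/wpad.dat` (or via DHCP option 252) with content type `application/x-ns-proxy-autoconfig`, and keep the firewall's deny rule for unauthenticated direct web traffic in place.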