Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 2 subscribers
  • Views 5704 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

User Group Network (Unresolved) - How To Apply Web Filter Profile?

tscott_16

I have an Active Directory Backend Membership group that is syncing users properly.

I am using STAS for client authentication and it is syncing the correct IP addresses for the users.

A User Group Network has automatically been created in Network Definitions for this group but the Group says "unresolved".

I'm trying to use this User Group Network in a Web Filter Profile but it seems there are no IP addresses associated with the users in this group and therefore the Filter Profile will not apply.

Is this not the correct way to apply Web Filter Profiles to a backend membership group?



This thread was automatically locked due to age.
Parents
  • 0

    Having just responded to your other post on this subject, I think you want to approach this differently.

    If you have Active Directory Security Groups like "Students" and "Teachers" and you already have made Backend Groups in the UTM for them, the simplest solution is to have your LANs in a single Profile and then assign a separate Policy to each Backend Group.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    I have tried assigning a separate Policy to each Backend Group but the result (both in function and confirmed via Policy Test tool) is that the separate Policy is applied but never the separate Filter Action... it always skips to the Default Filter Action. I'm not sure what this means. It's as if it knows the user is a member of the Backend Group and applies the Policy based on that but it doesn't know the IP address of the user so it doesn't know to apply the correct Filter Action.

    If I manually create users with Static IP's and add those users to the separate Policy, both Policy and Filter Actions are assigned properly but I cannot get this to work with Backend Groups.

    I should note, I am using STAS and when the users log into their Windows AD accounts, their usernames and IP's are showing up under Client Authentication > Global, and new users are being created automatically as expected.

Reply
  • 0 in reply to BAlfson

    I have tried assigning a separate Policy to each Backend Group but the result (both in function and confirmed via Policy Test tool) is that the separate Policy is applied but never the separate Filter Action... it always skips to the Default Filter Action. I'm not sure what this means. It's as if it knows the user is a member of the Backend Group and applies the Policy based on that but it doesn't know the IP address of the user so it doesn't know to apply the correct Filter Action.

    If I manually create users with Static IP's and add those users to the separate Policy, both Policy and Filter Actions are assigned properly but I cannot get this to work with Backend Groups.

    I should note, I am using STAS and when the users log into their Windows AD accounts, their usernames and IP's are showing up under Client Authentication > Global, and new users are being created automatically as expected.

Children
  • 0 in reply to tscott_16

    What you're describing indicates a misconfiguration.  Please insert pictures of the Profile and the Policies.  As well, show a line from the Web Filtering log where you believe that the access should have qualified for a policy but received the default Filter Action.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Unfiltered HTML