
Sophos UTM9 Web filtering picks computer$ account for some users

Hi,

I am having a very interesting problem. I have set up web filtering with Active Directory groups, and members of these groups can go to the internet. I also set a block action for the others who are not members of these groups. Some of my users who are members of these groups are blocked, and when I checked the logs, I found that there is no user information for these users but only the computer$ account. Those users are blocked and cannot use the internet now because of the block action.

I didn't set any proxy on my clients yet. I have checked a couple of articles and I couldn't find anything regarding this either. When I set a proxy on a client it comes with the right information, but otherwise it keeps coming with the computer$ account.

Has anyone ever struggled with this?

Regards,  



This thread was automatically locked due to age.
  • There are several ways of doing authentication; one of the common ones is NTLM.  IIRC NTLM will authenticate and cache that information for about 5 minutes before trying to authenticate again.  If the web request that is trying to authenticate comes from a browser or application running in user space, it will authenticate with that user.  If the request comes from something running as a system or computer account, it will authenticate like that.

    It will continue to use the computer account for five minutes, until it authenticates again.

    Off the top of my head, I do not recall what the solution is on the UTM.

  • Hi Michael,

    Thank you very much for your answer.

    If I make them come through the proxy as you say, because the packages come through the browser, it fixes the problem. But I have some firewall rules which determine which user goes to which servers. I created groups, and all of my users connect through these rules. As far as I understand, it will use the computer account as well to try to connect to the file server. (All my servers are in the DMZ and all group members connect through allowed ports.) So this will be another problem if I use the proxy for web browsing.

    I am using STAS to send data to the firewall on my DC, but still some computers use the computer$ account, and in 5 or 10 mins it doesn't change.

    Do you believe there is a solution for this, or is there any suggestion you can make that I can follow?

    Again, thank you.

  • If you are using STAS then I don't think that you should ever be getting computer$ names.  I would look to your STAS configuration.  Sorry I cannot help more.

     

    https://community.sophos.com/kb/en-us/123141

    https://community.sophos.com/kb/en-us/123156
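
As an added example (not part of the original thread, and not Sophos code): a small log triage script for the symptom discussed above, listing web requests attributed to a machine account (`name$`) and the named users seen on the same source IP within the roughly five-minute window mentioned in the first reply. The `key="value"` line layout, the field names `srcip`, `user` and `action`, and all sample lines are constructed assumptions; adjust them to the real web filtering log.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in an assumed key="value" layout (not real UTM output).
SAMPLE_LOG = """\
2024:01:15-09:00:05 fw httpproxy: action="pass" srcip="10.0.0.21" user="alice" url="http://example.com/"
2024:01:15-09:01:10 fw httpproxy: action="block" srcip="10.0.0.21" user="PC-021$" url="http://example.com/a"
2024:01:15-09:03:40 fw httpproxy: action="block" srcip="10.0.0.21" user="PC-021$" url="http://example.org/"
2024:01:15-09:07:00 fw httpproxy: action="pass" srcip="10.0.0.21" user="alice" url="http://example.org/"
2024:01:15-09:02:00 fw httpproxy: action="pass" srcip="10.0.0.34" user="bob" url="http://example.net/"
2024:01:15-09:20:00 fw httpproxy: action="block" srcip="10.0.0.50" user="PC-050$" url="http://example.net/"
"""

FIELD = re.compile(r'(\w+)="([^"]*)"')
WINDOW = timedelta(minutes=5)  # assumption: the "about 5 minutes" from the thread


def parse(line):
    """Split one log line into a dict of fields plus a parsed timestamp."""
    ts, _, rest = line.partition(" ")
    rec = dict(FIELD.findall(rest))
    rec["time"] = datetime.strptime(ts, "%Y:%m:%d-%H:%M:%S")
    return rec


def machine_account_hits(log_text):
    """Return (srcip, machine_account, action, nearby_users) per affected request."""
    records = [parse(l) for l in log_text.splitlines() if l.strip()]
    users_by_ip = defaultdict(list)
    for r in records:
        # Named (non-machine) identities seen per source IP.
        if r.get("user") and not r["user"].endswith("$"):
            users_by_ip[r["srcip"]].append((r["time"], r["user"]))
    hits = []
    for r in records:
        if r.get("user", "").endswith("$"):  # trailing $ marks a computer account
            nearby = sorted({u for t, u in users_by_ip[r["srcip"]]
                             if abs(t - r["time"]) <= WINDOW})
            hits.append((r["srcip"], r["user"], r.get("action"), nearby))
    return hits


if __name__ == "__main__":
    for ip, account, action, users in machine_account_hits(SAMPLE_LOG):
        print(f"{ip} {account} action={action} users_within_5min={users or 'none'}")
```

An IP that shows both a named user and a machine account inside the window matches the behaviour described in the first reply; an IP that only ever shows the machine account points at the client or the STAS configuration instead.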
