Sophos UTM 330

Is it possible to authenticate an Active Directory user with a firewall rule? So far unsuccessful.

  • Hi Brian and welcome to the UTM Community!

    You can create firewall rules with "username (User Network)" objects, but you also must use Sophos Transparent Authentication Suite (STAS) or the Sophos Authentication Agent for the IP to be populated in the UTM.  A user connected via a Remote Access method will have his "(User Network)" object populated automatically.

    Is that what you were looking for?

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob, thanks for the info.

    I am currently using web proxy/NAT and working on using the firewall rule against users/groups, but this has so many challenges.

    I am currently able to authenticate web proxy users but not with a firewall rule.

    I would like to stop using proxy/NAT and only use a firewall rule with the web filter. Is that possible?


  • I'm confused about what you want, Brian.

    "I would like to stop using proxy/nat and only used Firewall rule with webfilter."

    Webfilter is a Proxy.  You might want to consult #2 in Rulz (last updated 2019-04-17).

    Cheers - Bob

  • Sorry Bob,

    Can Sophos block Facebook if I am using user/group with a firewall rule?

    Thanks

    Bhquin

  • Yes you can, Brian.

    First, you need to configure user identification as I described above.

    Then, assuming that you're using Web Filtering now, make DNS Host definitions for the FQDNs you find with:

    zgrep 'fbcdn\.net' /var/log/http/2020/*/*|grep -oP 'url=".*?"'|sort -n|uniq -c

    And for:

    zgrep 'url="https\://[A-Za-z0-9.-]*facebook\.com/' /var/log/http/2020/*/*|grep -oP 'url=".*?"'|sort -n|uniq -c

    Because of [A-Za-z0-9.-]*, the second one will take a while.

    Now you can make a firewall rule like

    {group of (User Network) objects} -> Web Surfing -> {group of Facebook DNS Hosts} : Drop

    Cheers - Bob

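    The two zgrep one-liners above print whole URLs; to turn those into DNS Host definitions you still have to pick out the distinct hostnames by hand. The script below is an added example, not from this thread or from Sophos, that does that step: it reads http proxy log lines on stdin, keeps only the host part of each url="..." field, and reports the facebook.com / fbcdn.net hosts with hit counts. It assumes the UTM log format with a url="..." field as in the commands above; the sample lines are constructed, not real log data.

```shell
#!/bin/sh
# Added example (not the thread's or Sophos' code): list the distinct
# Facebook-related hostnames seen in UTM http proxy logs, each of which
# becomes a DNS Host definition for the "Drop" firewall rule.

# Emit "<count> <hostname>" for every url="..." whose host is facebook.com,
# fbcdn.net or a subdomain of either. Matching on the host only (not on the
# whole URL) avoids false hits like https://example.com/facebook.com/...
fb_hosts() {
    grep -oE 'url="[^"]*"' \
    | sed -E 's#^url="https?://([A-Za-z0-9.-]+).*#\1#' \
    | grep -E '(^|\.)(facebook\.com|fbcdn\.net)$' \
    | sort | uniq -c | sort -rn
}

# Hostnames only, one per line, for pasting into DNS Host definitions.
fb_host_list() {
    fb_hosts | awk '{ print $2 }' | sort
}

# Constructed sample lines in the style of /var/log/http/*/*; not real traffic.
SAMPLE_LOG='2020:03:02-08:15:01 utm httpproxy[4242]: id="0001" severity="info" sys="SecureNet" sub="http" name="http access" action="pass" method="GET" srcip="10.0.0.25" user="brian" url="https://www.facebook.com/"
2020:03:02-08:15:02 utm httpproxy[4242]: id="0001" severity="info" sys="SecureNet" sub="http" name="http access" action="pass" method="GET" srcip="10.0.0.25" user="brian" url="https://static.xx.fbcdn.net/rsrc.php/v3/y1/l/0,cross/abc.css"
2020:03:02-08:15:03 utm httpproxy[4242]: id="0001" severity="info" sys="SecureNet" sub="http" name="http access" action="pass" method="GET" srcip="10.0.0.25" user="brian" url="https://www.facebook.com/login/"
2020:03:02-08:15:04 utm httpproxy[4242]: id="0001" severity="info" sys="SecureNet" sub="http" name="http access" action="pass" method="GET" srcip="10.0.0.31" user="alice" url="https://example.com/facebook.com/notreally"'

# Demo run on the constructed sample; on a real UTM you would instead feed
# `zgrep 'url=' /var/log/http/2020/*/*` into fb_hosts.
printf '%s\n' "$SAMPLE_LOG" | fb_hosts
```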
  • Thanks, Bob, for your prompt support; I will test later.

  • Hoi Brian,

    You might be interested in a document I maintain that I make available to members of the UTM Community, "Configure HTTP Proxy for a Network of Guests."  If you would like me to send you this document, PM me your email address.  For our German-speaking members, I also maintain a version auf Deutsch initially translated by fellow member hallowach when he and I did a major revision in 2013.

    Cheers - Bob

  • Hi Bob,

    Thanks, I would love to review your

    I also experience that Internet browsing using the proxy is very slow compared to using the gateway. Have you heard of this before?