Sophos UTM 330

Is it possible to authenticate an Active Directory user with a firewall rule? So far unsuccessful.

  • Hi Brian and welcome to the UTM Community!

    You can create firewall rules with "username (User Network)" objects, but you also must use Sophos Transparent Authentication Suite (STAS) or the Sophos Authentication Agent for the IP to be populated in the UTM.  A user connected via a Remote Access method will have his "(User Network)" object populated automatically.

    Is that what you were looking for?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob, thanks for the info.

    I am currently using web proxy/NAT and working on using the firewall rule against users/groups, but this has so many challenges.

    I am currently able to authenticate web proxy users but not with a firewall rule.

    I would like to stop using proxy/NAT and only use a firewall rule with the web filter. Is that possible?

  • I'm confused about what you want, Brian.

    "I would like to stop using proxy/nat and only used Firewall rule with webfilter."

    Webfilter is a Proxy.  You might want to consult #2 in Rulz (last updated 2019-04-17).

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Sorry Bob,

    Can Sophos block Facebook if I am using user/group with a firewall rule?

    Thanks

    Bhquin

  • Yes you can, Brian.

    First, you need to configure user identification as I described above.

    Then, assuming that you're using Web Filtering now, make DNS Host definitions for the FQDNs you find with:

    zgrep 'fbcdn\.net' /var/log/http/2020/*/*|grep -oP 'url=".*?"'|sort -n|uniq -c

    And for:

    zgrep 'url="https\://[A-Za-z0-9.-]*facebook\.com/' /var/log/http/2020/*/*|grep -oP 'url=".*?"'|sort -n|uniq -c

    Because of [A-Za-z0-9.-]*, the second one will take a while.

    Now you can make a firewall rule like

    {group of (User Network) objects} -> Web Surfing -> {group of Facebook DNS Hosts} : Drop

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
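    The following POSIX shell script is an added example, not part of Bob's post or a Sophos tool. It does the same FQDN harvesting as the zgrep pipelines above, but on a constructed sample of http.log-style lines (the field layout is assumed, not copied from a real UTM), and it goes a step further: it keeps only the hostname of each url="..." field, so the output maps directly onto DNS Host definitions, and it matches on a domain-label boundary so that a lookalike such as notfacebook.com is not swept into the block list the way the unanchored [A-Za-z0-9.-]*facebook\.com pattern would include it.

```shell
#!/bin/sh
# Harvest distinct hostnames for a set of base domains from UTM http.log-style
# lines, most frequent first. Added example; field layout of the sample is a
# constructed approximation of the http.log format, not real log data.

SAMPLE_LOG='2020:03:01-09:10:11 utm httpproxy[4242]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="10.0.0.5" user="jdoe" url="https://www.facebook.com/" referer="" category="142"
2020:03:01-09:10:12 utm httpproxy[4242]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="10.0.0.5" user="jdoe" url="https://static.xx.fbcdn.net/rsrc.php/v3/yq/r/abc.js" referer="https://www.facebook.com/" category="142"
2020:03:01-09:10:13 utm httpproxy[4242]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="10.0.0.6" user="asmith" url="https://m.facebook.com/login/" referer="" category="142"
2020:03:01-09:10:14 utm httpproxy[4242]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="10.0.0.6" user="asmith" url="https://www.example.com/index.html" referer="" category="105"
2020:03:01-09:10:15 utm httpproxy[4242]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="10.0.0.5" user="jdoe" url="https://www.facebook.com/home.php" referer="" category="142"
2020:03:01-09:10:16 utm httpproxy[4242]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="10.0.0.7" user="jdoe" url="https://notfacebook.com/" referer="" category="105"'

# extract_fqdns BASE_DOMAIN... : read log lines on stdin, print "count host"
# for every host that is one of the base domains or a subdomain of it.
extract_fqdns() {
    # 1. Pull the hostname out of url="scheme://host[:port]/...".
    sed -n 's/.*url="[A-Za-z]*:\/\/\([^/:"]*\).*/\1/p' |
    # 2. Keep a host only if it equals a base domain or ends in ".<base domain>".
    #    Comparing on the dot boundary is what rejects notfacebook.com.
    awk -v doms="$*" '
        BEGIN { n = split(doms, d, " ") }
        {
            for (i = 1; i <= n; i++) {
                if ($0 == d[i] ||
                    substr($0, length($0) - length(d[i])) == "." d[i]) {
                    print
                    break
                }
            }
        }' |
    # 3. Count and order by frequency so the busiest FQDNs come first.
    sort | uniq -c | sort -rn
}

# Stand-alone run over the constructed sample. On a UTM the equivalent over
# the archived proxy logs would be:
#   zcat -f /var/log/http/2020/*/* | extract_fqdns facebook.com fbcdn.net
printf '%s\n' "$SAMPLE_LOG" | extract_fqdns facebook.com fbcdn.net
```

    Each hostname in the output becomes one DNS Host definition; group them and use the group as the destination of the drop rule Bob describes. Re-run the harvest periodically, because CDN hostnames under fbcdn.net change over time and a rule built from a one-off snapshot will silently stop covering new ones.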