Is it possible to authenticate an Active Directory user with a firewall rule? So far unsuccessful.
Hi Brian and welcome to the UTM Community!
You can create firewall rules with "username (User Network)" objects, but you also must use Sophos Transparent Authentication Suite (STAS) or the Sophos Authentication Agent for the IP to be populated in the UTM. A user connected via a Remote Access method will have his "(User Network)" object populated automatically.
Is that what you were looking for?
Cheers - Bob
Hi Bob, thanks for the info.
I am currently using webproxy/NAT and working on using the firewall rule against users/groups, but this has so many challenges.
I am currently able to authenticate Web Proxy users, but not with a firewall rule.
I would like to stop using proxy/NAT and only use a firewall rule with webfilter. Is that possible?
I'm confused about what you want, Brian.
"I would like to stop using proxy/NAT and only use a firewall rule with webfilter."
Webfilter is a Proxy. You might want to consult #2 in Rulz (last updated 2019-04-17).
Cheers - Bob
Yes you can, Brian.
First, you need to configure user identification as I described above.
Then, assuming that you're using Web Filtering now, make DNS Host definitions for the FQDNs you find with:
zgrep 'fbcdn\.net' /var/log/http/2020/*/*|grep -oP 'url=".*?"'|sort -n|uniq -c
And for:
zgrep 'url="https\://[A-Za-z0-9.-]*facebook\.com/' /var/log/http/2020/*/*|grep -oP 'url=".*?"'|sort -n|uniq -c
Because of [A-Za-z0-9.-]*, the second one will take a while.
Now you can make a firewall rule like
{group of (User Network) objects} -> Web Surfing -> {group of Facebook DNS Hosts} : Drop
Cheers - Bob
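An added example, not part of Bob's post: his commands list full URLs, while DNS Host definitions need host names, so this reduces the url="..." fields to unique FQDNs with hit counts. The helper name fqdn_counts and the sample log lines are constructed for illustration; only the url="..." field is taken from the thread, and suffixes are assumed to be given in lower case.

```shell
#!/bin/sh
# Added example (not from the thread): turn url="..." log fields into FQDN counts.

# fqdn_counts SUFFIX...  (hypothetical helper)
# Reads log lines on stdin; prints "count fqdn" for each host that equals a
# suffix or is a subdomain of it, most frequent first.
fqdn_counts() {
    tr 'A-Z' 'a-z' |
    grep -oE 'url="[a-z]+://[^/":]+' |
    sed -E 's|^url="[a-z]+://||' |
    awk -v list="$*" '
        BEGIN { n = split(list, suf, " ") }
        {
            for (i = 1; i <= n; i++) {
                s = suf[i]
                # Match on a label boundary so "notfacebook.com" is not
                # counted as facebook.com.
                tail = substr($0, length($0) - length(s))
                if ($0 == s || (length($0) > length(s) && tail == ("." s))) {
                    count[$0]++
                    break
                }
            }
        }
        END { for (h in count) print count[h], h }
    ' | LC_ALL=C sort -k1,1nr -k2,2
}

# Constructed sample lines; real log lines carry more fields than these.
sample_log() {
    cat <<'EOF'
2020:05:04-10:01:12 user="alice" url="https://www.facebook.com/home.php"
2020:05:04-10:01:13 user="alice" url="https://static.xx.fbcdn.net/rsrc.php/v3/a.js"
2020:05:04-10:01:13 user="bob" url="https://static.xx.fbcdn.net/rsrc.php/v3/b.css"
2020:05:04-10:01:14 user="bob" url="http://Scontent.fbcdn.net:443/x.jpg"
2020:05:04-10:01:15 user="bob" url="https://notfacebook.com/"
2020:05:04-10:01:16 user="bob" url="https://example.org/?ref=facebook.com/"
EOF
}

sample_log | fqdn_counts fbcdn.net facebook.com
```

Against the real logs the input would be `zcat -f /var/log/http/2020/*/* | fqdn_counts fbcdn.net facebook.com`, which covers both of the zgrep searches above in one pass.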