
Bypass Web Protection for non-authenticated users, e.g. guests

Hi there,

I configured WP with transparent mode and AD-SSO. Works!

When non-AD users try to surf, they get a DNS error because the firewall is missing from their Internet settings (Local Zones).

AD users get the sites by GPO.

What can I do?



This thread was automatically locked due to age.
  • There is quite a bit of non-browser traffic on your Active Directory PCs: automatic updates for Adobe, Java, antivirus; operating system overhead, etc. You also have to consider any use of PC-local accounts on AD machines, as well as the non-AD machines like Linux, tablets, and cell phones. You can get around some of this by doing device-specific authentication within your primary profile: specify Windows devices to use AD SSO and non-Windows devices to use Authentication None. But you still have a problem for non-AD traffic from Windows PCs, so it cannot solve the whole problem.

    My suggestion:

    Use Standard Mode with AD SSO authentication for AD users on web browsers. Use Transparent Mode with authentication None for everything else. (Do not fall into the trap of thinking that the two methods are mutually exclusive; they work best when used together.) Using both modes will ensure that all traffic is protected, while also ensuring that no traffic is blocked for dumb reasons.

    How I handle the exceptions:

    Bypassing the web proxy is required for some things, but it should be enabled on an exception basis only. I create tags like "Web Proxy Bypass", "Allow Program Downloads", and "No Authentication". These are assigned to destination websites using the [Websites] tab. Then I have an Exception object for each of the tags, which configures the features corresponding to the tag name. It avoids a lot of regular expression errors.
