This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

UTM: force or check authentication via Browser

Is there a possibility to force NTLM Authentication against the UTM Webfilter or is there a possibility to check the Authentication status via the Browser?

Some times we face the Problem, that a User (Administrator) is not Authenticated and therefore Download of Applications (e.g. Firmwareupdates) fails because the administrative rule set is not active.

So, it would be glad, to have Authentication forced and/or checked, without crawling through the logs of the Firewall.



This thread was automatically locked due to age.
Parents
  • Hallo,

    I'm not sure I understand what you're seeing.  Are you working in Transparent or Standard mode?  Is it the user named "Administrator" or do only users that have Administrator privileges sometimes fail to authenticate?  When you crawl through the firewall logs, what are you looking for and what do you find?

    Cheers - Bob
    PS Should I move this thread to the Web Filtering forum?

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi BAlfson

    Thank you for your time.

    We are working in Transparent mode.

    I think, it's not an authentication failure.
    In my opinion, this behaviour is expected, but not very handy.

    Following situation:
    An admin user (user with admin privileges on the Client and on the Firewall) logs in to a Client Computer. At this moment, the Firewall Webfilter is not aware of the respective user. Now this user try to download a Software through third-party application (e.g. Lenovo Firmware updater). This download fails, because the  user is not authenticated against the Firewall (Webfilter log shows user=""). Now he has to open a Browser and open a Webpage that is categorised as only available for authenticated user. At this moment the user will be silently authenticated through NTLM.
    Now he can go back to third-party application and download the software.

    The problems:
    1. the user is not knowing, which websites force an authentication.
    2. he is not able to check if authentication worked or not, without crawling the logs.

    PS: Yes, I think the Web Filtering forum would be the better place.

  • Please show a picture of the Edit of the Web Filtering Profile.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • That's the 'Policies' tab, we need to look at the 'Web Filter Profile' tab.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply Children
  • It looks like das Problem ist that the user is not initially authenticated with AD, but only as a local user of the PC.

    In any case, I always prefer to use Standard mode with AD with a proxy auto configuration file.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA