I just finished configuring SG310 under 9.315-2. The web filtering is configured to use Full Transparent mode. I have a bridge set up between the switch and a firewall, with a third interface (management) connected.
Here’s the setup:
1. The SG310 is AD joined.
2. DNS is properly configured. I am able to resolve names of all domain controllers and ping them all from the UTM.
3. Request Routing is configured for my domain and is pointing to the AD DNS servers within my AD site.
4. AD authentication server is configured. Base DN is set. All tests are Pass.
5. The AD account used in the previous step has the correct SPN set for the HTTP service type. (i.e and
6. Web Filtering profile is configured to use AD SSO in Full Transparent mode. Block Access in failed authentication is checked.
7. Policy is configured to use group with backend membership = Active Directory. Limit to backend group(s) membership is set and includes group that I need.
Now, when I log on to the client PC with an AD user account, it initially works fine. But after some time (could be anywhere from 15 minutes to 3 hours), a user authentication dialog box pops up. Entering the AD username and password does not work. As a matter of fact, if you do enter it, it will lock the user’s AD account. If you click cancel, you get an “Authentication Failed” web page. The Web Filtering log shows a blank username and domain. You can attempt to navigate to the same website a few more times; chances are one of the attempts will succeed, only to fail again several minutes later on a different site.
Has anyone experienced the same issue and does anyone know a resolution?