Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 6 replies
  • Answers 1 answer
  • Subscribers 3 subscribers
  • Views 10006 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Allow certain group of users to download exe's etc

Louis-M

I'm trying to allow our admin department permission to download exe's etc but not allow normal users.

I have UTM 9.4 working with STAS on AD.

I created an IT group with web filtering profile and placed it at the top. It still doesn't allow our IT dept to download these files.

Any ideas?



This thread was automatically locked due to age.
Parents
  • 0

    Please check if the special profile is used when a user tries to download an executable file. You can do this with the "Policy Test" under "Policy Helpdesk".

    Have you verified that the WebFilter is the problem? Maybe some other component blocks the download of the file.

  • 0 in reply to Jas Man

    Can't get this to work. The only way certain people can download exe's is to delete "exe" out of the default filter. Even though I have added a user to another web filter profile (and moved this profile to the top), the user still cannot download an exe. The default filter profile is the only filter with exe blocking so I have to assume this user is going to the default filter profile and not the "elevated user" profile that they should be going to.

  • 0 in reply to Louis-M

    Louis, show us a line from the Web Filtering log where an exe was blocked for download by a person in your first Profile.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    I think I may have sorted this issue. Early days yet.

    The default web filtering profile was set on transparent and had no authentication.

    I have an "IT Department" profile above that which was set to AD authentication and SSO (I'm using STAS). This allowed the downloads.

    Problem was, people in the IT group seemed to be falling into the default profile rather than the IT group profile.

    I enabled AD authentication on the default profile with SSO and it now appears to be working as intended.

    One side issue I have noticed is that laptop users who leave their wireless connected to our network and then plug in via ethernet (effectively having 2 ip's on our network due to the laptop software no auto disabling one connection eg no wireless if lan is active)

    their browser seems to go into a loop. It flickers very quickly with the gateway address and authentication as it appears the UTM is getting confused with their username matched against an ip address ie one user per one ip allowed. Is there a work around for this? eg one user can have two ip' at the same time?

  • 0 in reply to Louis-M

    Louis, one of our unwritten rules is "One topic per thread."  Please start a new thread for your new question.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • 0 in reply to Louis-M

    Louis, one of our unwritten rules is "One topic per thread."  Please start a new thread for your new question.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
Unfiltered HTML