This discussion has been locked.

Using STAS with Backend Groups not applying policy

Hey!

I've just set up STAS on my DCs and it's working quite well, with only one problem ;).
Config: WebFiltering Auth: Agent (due to STAS)
One Web Filtering Policy for "advanced" users with unlimited download size
One Web Filtering Policy for other users.

The Policy for advanced users is using a Backend Auth Group (AD) to sync users who are allowed to use this profile.


Since I switched from Active Directory (SSO) to Agent due to STAS, my policies that are using backend groups are not working.

I played a bit and found out that when using AD (SSO) authentication, the web filtering log looks like this:
action="pass" method="GET" srcip="1.2.3.4" dstip="5.6.7.8" user="user1" group="Extended Web (AD)" ad_domain="MYDOMAIN" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffAdminFilteActio (Advanced Users Filter Action)"

but when I use "Agent" auth, the ad_domain is empty:
action="pass" method="CONNECT" srcip="1.2.3.4" dstip="5.6.7.8" user="user1" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)"


My guess is that UTM is not able to tell that this could be a domain user, and doesn't try or simply doesn't match, but that would make no sense, since the STAS auth IS from my domain...

Any ideas how I get STAS and WebFiltering working with backend group policies? :)
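The difference between the two log lines above (user present in both, but `group` and `ad_domain` empty in the Agent/STAS case) is something you can check mechanically across a whole log rather than by eye. The following is an added example, not code from the original post or from Sophos: it parses UTM web filter lines in their key="value" format, classifies each line by how far authentication got for policy purposes, and reports users who are authenticated but carry no backend group, so the default filter action is applied to them. The two sample lines are the ones quoted in the post (the IPs are the poster's placeholders); the state labels are my own naming.

```python
import re
from collections import Counter

# Two web filter log lines copied from the post above. The IPs are the
# poster's placeholders; these were not captured from a device by me.
SAMPLE_LOG = """\
action="pass" method="GET" srcip="1.2.3.4" dstip="5.6.7.8" user="user1" group="Extended Web (AD)" ad_domain="MYDOMAIN" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffAdminFilteActio (Advanced Users Filter Action)"
action="pass" method="CONNECT" srcip="1.2.3.4" dstip="5.6.7.8" user="user1" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)"
"""

# UTM web filter lines are space-separated key="value" pairs. Values may contain
# spaces and parentheses but not an embedded double quote, so [^"]* is enough.
KV_RE = re.compile(r'(\w+)="([^"]*)"')


def parse_line(line: str) -> dict:
    """Return the key/value pairs of one log line as a dict."""
    return dict(KV_RE.findall(line))


def split_ref(value: str) -> tuple[str, str]:
    """Split 'REF_Something (Human description)' into (ref, description)."""
    ref, sep, desc = value.partition(" (")
    return ref, desc[:-1] if sep else ""


def classify(fields: dict) -> str:
    """Label a line by how far authentication got for policy matching."""
    if not fields.get("user"):
        return "unauthenticated"
    if fields.get("ad_domain") and fields.get("group"):
        return "backend-group-matched"
    # A user is present but domain and group are empty, so a policy keyed on a
    # backend (AD) group cannot match and the default action is applied.
    return "user-without-group"


def audit(log_text: str) -> list[dict]:
    """Parse every non-empty line and attach its state and filter action."""
    rows = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        f = parse_line(line)
        action_ref, action_desc = split_ref(f.get("filteraction", ""))
        rows.append({
            "user": f.get("user", ""),
            "method": f.get("method", ""),
            "group": f.get("group", ""),
            "ad_domain": f.get("ad_domain", ""),
            "state": classify(f),
            "filteraction": action_ref,
            "filteraction_desc": action_desc,
        })
    return rows


def users_losing_group_policy(rows: list[dict]) -> dict[str, Counter]:
    """Per user, count lines in each state, keeping only users that have at
    least one 'user-without-group' line (the symptom described in the post)."""
    per_user: dict[str, Counter] = {}
    for r in rows:
        per_user.setdefault(r["user"], Counter())[r["state"]] += 1
    return {u: c for u, c in per_user.items() if c["user-without-group"]}


if __name__ == "__main__":
    rows = audit(SAMPLE_LOG)
    for r in rows:
        print(f'{r["user"]:<8} {r["method"]:<8} {r["state"]:<22} -> {r["filteraction_desc"]}')
    print(users_losing_group_policy(rows))
```

Run it against an exported `http.log` instead of `SAMPLE_LOG` to see which users and which methods (GET vs CONNECT) lose the backend-group match; a user who shows up in both states is exactly the case in the post.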



Glad to help! :)

AFAIK, nested AD groups were never supported, only local nesting is. I haven't tested in a while, but I think that's still the case. Something to do with how the Linux OS (Sophos UTM is Linux based) handles the pointers needed for nested AD groups to work.

Spacing should be fine; all my groups have spaces in them and it works. Special characters, however, might throw UTM a bit haywire. It has to do with being Linux under the hood, and some issues with the codepage during the LDAP queries and all.

I avoid using special characters in group names and OUs as a rule of thumb. You never know what you'll need to interop with in the future.

Now that you know that it works with a simpler-named group, try tweaking your setup until you find something that works and still fits your naming conventions.

Regards - Giovani