Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 3 replies
  • Subscribers 3 subscribers
  • Views 5513 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Users in Web Filtering Logs on Terminal Server Environment

ChrisHibberd

Hi,

We have the web filtering enabled on our clustered terminal server environment running in Transparent mode for HTTPS filtering too and all works well

At the moment when looking in the Web Protection dashboard it only lists the names of the terminal servers for stuff like "Top Users by Time Spent" and we would prefer if we can get the named users on the terminal server that are trying to access the Internet - is this possible?

EDIT: As an additonal I've just enabled AD SSO and added it to the domain and things and can see in the logs it's picking up user names and things like that but still in the Web Filter reports it only clases the terminal server hostnames as user.



This thread was automatically locked due to age.
Parents
  • 0

    Hey, Chris.

    Your approach seems spot on. With transparent mode there is no user authentication, hence no reporting by user. The only way to get report information by users is to use AD SSO, and it appears you have done it right.

    The reports might take a little while to pickup your authentication modifications, specially for stuff like "Top Users", that gather information from the last 24 hours to build up on. Are you still seeing only your RDS host name on the reports? Have you tried checking "Logging & Reporting" / "Web Protection" and selecting "Users" at "Available Reports" to see if your user names have started to pop-up?

    Regards - Giovani

  • 0 in reply to giomoda

    It isn't going to work. In transparent mode, the only thing UTM sees is the source IP address. There is no mechanism by which UTM can associate a user ID to the request. You'll have to switch to explicit proxy mode. In that scenario, when the client browser connects to the UTM proxy process, UTM can ask for credentials and the browser will supply them. UTM can then associate a user id to the session.

    The only other method I can think of is to configure things such that when users on the terminal server make their first web request, they get redirected to a captive portal which queries for their user id and password which can then be verified against AD using LDAP.

    I don't think there's any way to do that in UTM for wired network connections.

Reply
  • 0 in reply to giomoda

    It isn't going to work. In transparent mode, the only thing UTM sees is the source IP address. There is no mechanism by which UTM can associate a user ID to the request. You'll have to switch to explicit proxy mode. In that scenario, when the client browser connects to the UTM proxy process, UTM can ask for credentials and the browser will supply them. UTM can then associate a user id to the session.

    The only other method I can think of is to configure things such that when users on the terminal server make their first web request, they get redirected to a captive portal which queries for their user id and password which can then be verified against AD using LDAP.

    I don't think there's any way to do that in UTM for wired network connections.

Children
No Data
Unfiltered HTML