
Issue with authentication SSO transparent mode with web filtering Sophos UTM

Dear Sophos Community,

I have one strange behavior with my installation.

We have one Sophos UTM, up to date.

I have configured web filtering with SSO in transparent mode. Everything seems to be working well.

I made some tests before migration; users are authenticated and they can access the web sites according to the groups they belong to.

But sometimes, some users (probably the same every time) are not properly authenticated and the web pages they try to access are blocked.

We need to browse a new web page and then the user is authenticated.

I opened a case and we think that the issue could be a DNS issue.

I made a lot of captures and investigation but I cannot find the solution.

Did you encounter this behavior at some point, or maybe do you have some ideas or tests I could run to go further?

Thanks for your help!

  • Hi Maxime,

    Provide me the case# to look into it. Also, post a screenshot of what message the user receives when the authentication fails. Check the http.log to know the reason for the failure/block.

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support

  • Hello,

    Thanks for your help. The case is 6557398

    Here is one log I got this morning:

    2017:01:13-08:46:59 gate-1 httpproxy[6259]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="GET" srcip="10.20.169.34" dstip="" user="" group="" ad_domain="" statuscode="403" cached="0" profile="REF_HttProContaInterNetwo8 (BSA-WiFi-Enterprise-Profil)" filteraction="REF_DefaultHTTPCFFBlockAction (Default content filter block action)" size="3200" request="0xde173600" url="http://www.msn.com/?ocid=iehp" referer="" error="" authtime="1" dnstime="0" cattime="70" avscantime="0" fullreqtime="471" device="1" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko" exceptions="" category="141" reputation="trusted" categoryname="Portal Sites" reason="category"

     

    Then I change the DNS server in the ipconfig and try another web site, and I get the web page with my authentication working.
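
The block entry quoted above has empty `user`, `group` and `ad_domain` fields, so the request was filtered without a user identity attached. As an added example (not from the thread or from Sophos), this script scans http.log lines for blocks of that kind and reports whether the same source IP is identified as a user elsewhere in the log; the sample lines after the first, the user name `jdoe` and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# key="value" pairs as written by httpproxy in the entry quoted above
PAIR = re.compile(r'(\w+)="([^"]*)"')

def parse_line(line):
    """Return the key="value" fields of one http.log line as a dict."""
    return dict(PAIR.findall(line))

def unidentified_blocks(lines):
    """Per source IP: blocks logged with an empty user field, plus any
    users the same IP was identified as elsewhere in the log."""
    blocked = defaultdict(list)
    users = defaultdict(set)
    for line in lines:
        f = parse_line(line)
        ip = f.get("srcip")
        if not ip:
            continue  # not a request entry
        if f.get("user"):
            users[ip].add(f["user"])
        elif f.get("action") == "block":
            blocked[ip].append((f.get("url", ""), f.get("reason", "")))
    return {
        ip: {
            "blocked": reqs,
            "users_seen": sorted(users[ip]),
            # True: the client is identified on other requests, so the
            # failure is intermittent rather than a client that never signs in
            "intermittent": bool(users[ip]),
        }
        for ip, reqs in blocked.items()
    }

# Line 1 is abridged from the post; the rest are constructed for the example.
SAMPLE = [
    '2017:01:13-08:46:59 gate-1 httpproxy[6259]: id="0060" action="block" srcip="10.20.169.34" user="" group="" ad_domain="" statuscode="403" url="http://www.msn.com/?ocid=iehp" auth="2" categoryname="Portal Sites" reason="category"',
    'action="pass" srcip="10.20.169.34" user="jdoe" url="http://example.com/"',
    'action="block" srcip="10.20.169.34" user="jdoe" url="http://example.org/" reason="category"',
    'action="block" srcip="10.20.169.50" user="" url="http://example.net/" reason="category"',
]

if __name__ == "__main__":
    for ip, info in unidentified_blocks(SAMPLE).items():
        print(ip, info)
```

Blocks where the user was identified (the third sample line) are ordinary policy decisions and are left out of the report on purpose.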
