https://community.sophos.com/web-appliance/f/discussions/104226/ad-authenticationHi, quite new to Web Appliance. We use Firefox and have IP based authentication on at the moment. I believe AD auth is better but hear that only IE supports it, any ideas etc? Want to make sure I cover all angles before just turning AD auth on. Manyen-USTelligent Community 12https://community.sophos.com/thread/379644?ContentTypeID=1Wed, 25 Jul 2018 05:15:51 GMT4be5eb7d-caa4-4ff5-8e60-8f9463545a35:9376ec97-7b75-458c-8ac0-88617fcef806zk1<p>Thanks again, much appreciated.</p><div style="clear:both;"></div>https://community.sophos.com/thread/379578?ContentTypeID=1Tue, 24 Jul 2018 10:37:37 GMT4be5eb7d-caa4-4ff5-8e60-8f9463545a35:c6324c6f-d686-4e29-b08e-6455b8aca639Red_Warrior<p>Most welcome,&nbsp;</p> <p>&nbsp;</p> <p>If you are referring to pushing out proxy setting via gpo for ff.. Maybe something like this would help&nbsp;<a href="https://helpdesk.webtitan.com/support/solutions/articles/4000083786-configuring-firefox-proxy-settings-via-gpo">https://helpdesk.webtitan.com/support/solutions/articles/4000083786-configuring-firefox-proxy-settings-via-gpo</a>&nbsp;but this involves building your own msi and deploying the pre-configured binary</p> <p>&nbsp;</p> <p>Generally I would recommend pushing out via dhcp / .pac file for more configuration options&nbsp; (ie exclusions lists, dns/hostname look ups you can detect if the client is onsite vs offsite .. .etc)&nbsp; Its a little more difficult.. Unfortunately support can help much in creating a .pac file.. (if you need one done for you just talk to your account manager for professional services)&nbsp;</p> <p>&nbsp;</p> <p>However I do have another lovely KB that should help.</p> <p>&nbsp;</p> <p>NOTE:</p> <p>(if your in transparent or bridge mode) theres no need for browser settings, just configure the lan router/wccp device to direct 80/443 from network x .. to appliance and then omit the appliance so that it can get out the gateway to the internet.</p> <p>&nbsp;</p> <p>ELSE:</p> <p><a href="http://findproxyforurl.com/pac-functions/">http://findproxyforurl.com/pac-functions</a>&nbsp; &nbsp;(see the examples here to they are very good)</p> <p><a href="/kb/en-us/38784">https://community.sophos.com/kb/en-us/38784</a></p> <p><a href="/kb/en-us/38787">https://community.sophos.com/kb/en-us/38787</a></p> <p><a href="/kb/en-us/38783">https://community.sophos.com/kb/en-us/38783</a></p> <p><a href="/kb/en-us/38788">https://community.sophos.com/kb/en-us/38788</a></p> <p><a href="/kb/en-us/38784">https://community.sophos.com/kb/en-us/38784</a></p><div style="clear:both;"></div>https://community.sophos.com/thread/379491?ContentTypeID=1Mon, 23 Jul 2018 14:54:26 GMT4be5eb7d-caa4-4ff5-8e60-8f9463545a35:e6b76eb0-731d-40e5-be99-4af1ce2ea575zk1<p>Thanks Red Warrior!</p> <p>&nbsp;</p> <p>Re the Firefox config, do you know if it can be done centrally / via policy or similar (so as not to manually configure hundreds of desktops)?&nbsp;</p><div style="clear:both;"></div>https://community.sophos.com/thread/379477?ContentTypeID=1Mon, 23 Jul 2018 12:21:08 GMT4be5eb7d-caa4-4ff5-8e60-8f9463545a35:733cf832-19ca-4a3f-96a1-dfb4d91c30a3Red_Warrior<p>Hi Zk1</p> <p>The SWA officially supports FF, chrome, IE and Safari via SSO... there are some requirements and best practices..&nbsp; &nbsp;Please see my KB here for everything you need to know&nbsp;<a href="/kb/en-us/126599">https://community.sophos.com/kb/en-us/126599</a></p> <p>&nbsp;</p> <p>for thinks like public wifi I generally recommend deploying a separate appliance generally without an authentication policy .. then lock it down via a generic default policy.&nbsp; &nbsp;this will ensure your not mixing public and private traffic.&nbsp; the VM is included so theres no additional costs.&nbsp;</p> <p>&nbsp;</p> <p>Cheers</p><div style="clear:both;"></div>