
Identity based Terminal server rule

Hello,

 

I have some trouble getting the following scenario working.

 

On my XG I never use identity-based rules; I have a LAN to WAN rule any/any set at the bottom with some policies applied. However, I now want to be able to monitor internet traffic on the terminal server on a per-user basis, but don't want this on the rest of the computers on the LAN.

 

So I started by installing the SATC using this article (https://community.sophos.com/kb/en-us/127157). I already had the AD connected to the Sophos, so I could skip this step. After this, the users did show up in the activity monitor with their user name as a SATC client.

I set a rule with LAN to WAN, Source as my terminal server and destination any, with Identity based enabled and the users that I have on the terminal server; this, however, did not work. When I browse to a website it tries to redirect me to the portal even though the user should be matched as an identified user.

I have noticed before that Sophos articles are far from complete and missing some critical steps. I have read somewhere that there also needs to be a block rule and a DNS rule.

 

Can someone point me in the right direction regarding user control and monitoring, but only for the terminal server?

 

Regards.

Tonv 



  • What SATC does is only send some packets before the "real connection" begins. 

    So take a look at the live user tab and observe whether the user stays online or frequently logs out and in. 

    Also noticeable: As far as I know, SATC only works for TCP connections. So basically this explains why you need a DNS rule if you are using a DNS server instead of the XG as DNS. 

    So try SATC only for HTTP/s first with a rule HTTP/s and check, if it works. Place the rule on top of the rule set and also delete all "default drop" rules, if you have some in place. 

  • Thank you, this did the trick.

     

    How can I fix the issue with the captive portal's certificate warning? On my XG I have set the certificate to our Comodo certificate; however, it tries to open the captive portal on the IP of the XG. Is it possible to change this so it redirects to the DNS name we use for our certificate?