
Web / firewall policy question

Hi All,

We are currently moving from UTM to XG. We are currently having a complex issue and are speaking to Sophos, but it is not yet resolved, so I thought I would ask here and see if anyone has any ideas.

For example, let's say we have some teams like "Sales", "Technical" and "Finance", etc.

We have created a separate web policy for each of these, as they require different access, and assigned the relevant group next to them.

So we have also created a separate firewall rule for each of them as well, as you can only assign a web policy to a single firewall rule.

In theory, that would work.

But we need to override some of these blocked categories for some users, so we have some groups like "Allow access to Dropbox" etc., so we can create a separate web policy for these allow rules and a separate firewall rule as well.

Again, according to Sophos, this should work.

The problem we are hitting is that when you go to, say, google.com, it is blocked. This is because it is matching the user's group against one that starts "Allow access to..." rather than, let's say, "Sales", because it goes in A to Z order from the AD group name.

How do we get around this? It's not practical to modify groups manually, as we have 20000 users and about 30 different web access groups for different things, which are based on how we have it set up on the UTM currently.

The required groups are all imported; some are populated fully, others are not. Not sure why. We are using STAS and this does appear to work correctly, as we are seeing log on/off in the logs for our test users.

Thanks



This thread was automatically locked due to age.