Configure firewall rules for users object

Hello Goldy_01 ,

Thank you for reaching out to the community, please refer the following KBA _ user-based firewall rules - https://support.sophos.com/support/s/article/KB-000035564?language=en_US#

Hi and thanks.

will it work WITHOUT intercept X?
I use another AV.

There are various authentication method, if you do not have intercept X then you can opt for another auth method , like captive portal or SSO, agent, NTML or Radius/AD SSO 

Thanks.
We will give it a try.

Hi.

No success. ):
(See attached picture.)

The default rule is blocking Anydesk.
What I'm trying to do, is allowing this user using Anydesk.
Sophos identify the user based on AD.

Thanks,

Goldy.

Ensure the rule is on the top 
Can you perform a packet capture - https://support.sophos.com/support/s/article/KB-000035761?language=en_US
And confirm with the help of packet capture !

You are currently trying to allow traffic based on a DNS Name, which is more likely a CDN based URL. 

So you should first check the live users, if your use is authenticated. If not, go back to the steps mentioned above: https://support.sophos.com/support/s/article/KB-000035564?language=en_US The firewall needs to know the IP based on your User.

Then you should create a LAN to WAN Rule with ANY Service and your user. 

Then you should enable the web proxy in the firewall rule, within the webfilter you can allow/deny based on user groups. 

You are currently trying to allow traffic based on a DNS Name, which is more likely a CDN based URL. 

So you should first check the live users, if your use is authenticated. If not, go back to the steps mentioned above: https://support.sophos.com/support/s/article/KB-000035564?language=en_US The firewall needs to know the IP based on your User.

Then you should create a LAN to WAN Rule with ANY Service and your user. 

Then you should enable the web proxy in the firewall rule, within the webfilter you can allow/deny based on user groups. 

Hi Toni.

Thanks.
We have been told by Sophos supporter that for using Packet filter with "User" object, user must have a Sophos interceptX install on his workstation.

Is it so, or can we go by without it.

Regards,

Goldy

One more thing - just to be clear.
I'm talking about internal users which are coming from my LAN.

Thanks

So - The firewall can use the user information provided by one of the listed above. The easiest way to implement is the endpoint itself, but it is not limited to only the endpoint.

Most commonly used (if not using the endpoint) is stas. https://docs.sophos.com/nsg/sophos-firewall/19.5/Help/en-us/webhelp/onlinehelp/AdministratorHelp/Authentication/HowToArticles/AuthenticationConfigureTransparentAuthenticationSTAS/index.html

You can use this tool to extract and implement authentication with the firewall on your AD server. 

packet capture:

Hi Toni.

If I understand you correctly,  you talking about web filtering, while I'm talking about packet filtering (Firewall).

Live Users works for everything (including the packetfilter). 

But for this, the user has to be listed in live users. If this page is empty, the firewall will not match the traffic.