http 500 error after 16.5 MR3, no users detected, problem with rule orders not triggering

Hello,

I'm having a very hard time getting basic functionality to work on an XG box at a branch office, something that took me minutes on UTM, and I'm also hitting new bugs:

1) I have the default rule from LAN to WAN any, with HTTP scanning, NO HTTPS decryption, basic web policy for no explicit content, no user matching.

This was working OK; after today's update to MR3, I now get HTTP 500 errors when I try to access HTTP pages. NOTHING gets logged in the web filter log for HTTP access, and the only way to make it work is to DISABLE HTTP malware scanning.

Microapp scanning has already been disabled and is still disabled.

2) The idea is to make a browsing rule with basic blockage/MW scanning for everyone in AD and to have reports, but the web filter log is NOT detecting any user (AD has been added as auth and STAS is also enabled, but STAS is giving me trouble: it reports failures to authenticate on valid users and is even getting head office events when it shouldn't).

3) I created a new test rule for a PC that I'm using as a test. I made a rule with source zone LAN, source IP the IP of the PC, specific app block, explicit category URL block, only HTTP scanning, logging, and I dragged it on top of the default rule...

It doesn't work, it never triggers ANY traffic on that rule, UNLESS I disable "match known users".

 

When I browse to any explicit site on that PC the block page shows but says "unauthenticated user", and if I press the logon button it opens an HTTPS page with a cert error, as it's the autogenerated one. That leads me to:

4) I won't add the autogenerated cert to the domain computers, as it's impossible to support a cert across ALL browsers so that when people travel to the branch office from home office everything works... With UTM I get a native login popup (NTLM) on stations that are not part of AD.

And 5) the login page fails anyway: I put in good credentials and they don't auth. The auth log says "User ggl failed to login to Firewall through Local authentication... AD, local" from the station I'm testing, yet the AD test page works OK...

I'm stumped at this point, this is a total disaster.

 

edit: test with match known users on the rule



  • Mast_01 please respect the Community best practice policy. One question per thread and make sure to mark "this helped me" so the thread is marked as answered.

    Mike, please open a new thread and explain your issue and your scenario there.

    Opening a thread with multiple questions will not help other community users to find the same issue easily.

    Thanks to all!
