This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

"Match known users" - doubts

My scenario:

Sophos XG230 (SFOS 16.05.3 MR-3)

Firewall Authentication Methods : Active Directory/Local

Current Activities : in Live Users tab the Xg is listing the users authenticated on the domain controller with Client Type as SSO

I've added a firewall rule to authorize LAN's PC to navigate; everything goes fine but if I check "Match known users"
all the users are blocked and they are redirected to the Captive Portal.

Is "Match known users" the way to authorize the Active Directory User (or groups) to navigate in transparent mode or Am I wrong something?

Best regards

malachite

This thread was automatically locked due to age.

Parents

0 lferrara over 8 years ago

Malachite,

Using match know users enforce the rule to be applied on users (layer 8). So in your case something is not working correctly.

Make sure to put the ad server at the top list of Authentication > servers > firewall.

Regards
Cancel
Vote Up 0 Vote Down

Cancel
0 malachite over 8 years ago in reply to lferrara
lferrara said:

Malachite,

Using match know users enforce the rule to be applied on users (layer 8). So in your case something is not working correctly.

Make sure to put the ad server at the top list of Authentication > servers > firewall.

Regards

Luk,

thank you for you reply.

My AD server is at the top in Authentication > servers > firewall list but in Logs/Authentication i see the users that logged out from the firewall every 10/20 minutes even if the user in AD are authenticated. It's a normal behavior?
Cancel
Vote Up 0 Vote Down

Cancel
0 sachingurung over 8 years ago in reply to malachite

Hi,

What is the reason for disconnection in the log viewer | authentication section?
Cancel
Vote Up 0 Vote Down

Cancel
0 malachite over 8 years ago in reply to sachingurung
Hi Sachin,

unfortunately I can not understand until now why they are disconnecting from the firewall

Malachite
Cancel
Vote Up 0 Vote Down

Cancel
0 sachingurung over 8 years ago in reply to malachite

Hover the mouse pointer on the logged reason for disconnection in the Log Viewer | Authentication page and tell us what do you read.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 sachingurung over 8 years ago in reply to malachite

Hover the mouse pointer on the logged reason for disconnection in the Log Viewer | Authentication page and tell us what do you read.
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 malachite over 8 years ago in reply to sachingurung

"User username@domainname was logged out of firewall" - this the only message that I see in the "Log Viewer | Authentication" page
Cancel
Vote Up 0 Vote Down

Cancel
0 alessandro scuderi over 7 years ago in reply to malachite

Same behavior for me. I am working on release SFOS 17.0.1 MR-1. How can I avoid the redirect to captive portal for known users?

Regards,

Alessandro
Cancel
Vote Up 0 Vote Down

Cancel
0 sachingurung over 7 years ago in reply to alessandro scuderi

Hi,

What authentication method is configured to use? Refer to, Sophos Firewall: Where to find log files and send me the access_server.log. I will DM you for more information.

Thanks
Cancel
Vote Up 0 Vote Down

Cancel
0 alessandro scuderi over 7 years ago in reply to sachingurung

I was using Sophos Authentication Client, but after I changed to to STATS the rules work properly.

Thank you.

Best Regards,

Alessandro
Cancel
Vote Up 0 Vote Down

Cancel