Per user authentication on Terminal Server

Hi Eddy,

Does, Sophos authentication for thin client (SATC) helps you configure the required setup?

Thanks

Hi Sachingurung,

I've followed all the steps to install and configure SATC.

At the moment I type this command in the console : "system auth thin-client add citrix-ip <server-ip>"
Here is the strange behavior I get :

  - user appear in "Live users" with type "Thin client" (good)
  - the user aware firewall rule does not match
  - the userless firewall rule does match instead AND the webfilter policy applyed to it stop working for requests incoming from the RDS server ip ! so the user simply stop being filtered.
  - in logs : firewall logs that userless rule match (with no username) and webfilter logs nothing coming from the rds ip (no allow nor deny)

I get this behavior even if I uninstall SATC on the server.

So, when I disable the command ("system auth thin-client delete citrix-ip <server-ip>") the filtering system is working again.

Hi Eddy,

Did you place the firewall rule on the TOP and select "Captive Portal to unknown users" option?

Show me the screenshot of the configuration.

Thanks

I placed it above the "userless" rule, but I don't want anonymous users to be redirected to the captive page .....

I placed it above the "userless" rule, but I don't want anonymous users to be redirected to the captive page .....

Hi EddyMinet , 

The rules follow from top to bottom, So if you add the user-less rule on the top it would make no sense and will be bypassed. Now if the user-less rule is at the bottom of the authentication rule . The users who are not authenticated will not match with the rule and will seek the client-less rule. The match is based on the parameters of the rule. If the rule is not present and the parameters did not match with any other rule it would simply throw captive portal .