I want to setup my HTTP proxy profiles so that I specify where the user can go, not the computer.
For instance, right now I have the labs setup as individual network groups with static IPs. When anyone sits at a computer in the lab, they are limited to the places the computer can go, not the user.
I have a filter action called Students. I want that filter to be applied to the students no matter where they are in our network.
I have a filter action called Teachers. I want that filter to be applied to the teachers no matter where they are in our network.
Will the procedures listed below work?
I make the filter actions named as above and configure their access.
I make a Student filter assignment that the AD user group “Students” is assigned to and assign the “Students” filter action to it.
I make a Teacher filter assignment that the AD user group “Teachers” is assigned to and assign the ”Teachers” filter action to it.
Here is what I am unsure of. I have all of my subnet groups assigned to one master group. Any computer we own, any computer that a visitor may bring in will get an IP in one of those ranges.
So, I make a HTTP profile named “Student–Teacher Access”. I assign my “Master” group as the source network. I then add the Student and Teacher Filter Assignment to the profile. I set the authentication to either AD SSO or Basic.
My question: If the Student filter assignment is listed first, the teacher will not match the AD group membership, but they will match the source. Will the auth request fail right then and stop checking or will it drop through all the filter assignments until it matches, or there are no more filter profiles and it fails?
Sorry to post this here in the Beta area, but I think it is the most likely place to receive an answer about the HTTP proxy.
Oh, and the Astaro US Support guys already told me they don’t support the beta. 
Guest User!
You are not Sophos Staff.
