Adding a network which is using transparent SSO into the transparent destination skiplist in the misc web proxy settings will break transparent SSO [[:(]]
Lot of customers are entering their internal networks into the transparent destination skiplist without checked the "allow traffic for skipped hosts" checkbox to avoid, that clients from other networks (as a GuestNet for example) can acccess other internal networks via webproxy. I use the simplified version for lazy people and have since years a RFC1918 Network Group containing the 3 private network ranges added into the transparent destination skiplist, which prevents access from any internal network via web proxy into any other internal network.
But this also breaks the transparent SSO feature, as the client technically will be redirected for auth to the UTM's interface, which IS also in the internal RFC1918 network range a,d therefor also will be skipped [[:(]]
We should make sure, that excluding internal networks via transparent destination skiplist doesn't break the SSO feature. [:)]
Guest User!
You are not Sophos Staff.
