[9.200][DUPE] Are WAF and AD SSO Transparent Mode Mutually Exclusive?

Carrying on with my testing of 9.2 features, I recieved this warning when I tried to activate the WAF.

"Cannot enable Web Application Firewall when one or more Web Filter Profiles are using ActiveDirectory SSO in transparent mode."

Is the WAF and and AD/SSO Transparent Mode operation mutually exclusive? Is the reverse also true? With WAF enabled the UTM cannot run AD/SSO in Transparent Mode?

Cheers [:)]

Parents

0 AzRoN over 11 years ago

Currently yes it is.

The transparent AD-SSO implementation uses some redirections of client requests to then turn it into an 'explicit/standard' request so the UTM can authenticate.. however this intercepts 80 and/or 443 traffic... on all interfaces it seems.

SSL-VPN can still work!  but the WAF and AD-SSO in Transparent mode are incompatible when both enabled.

As such, when one is on, the other will complain when you attempt to also turn on the alternative function.

Apparently it'll be fixed in a future version.  Unsure of the mantis.

UPDATE: this link is worth a read!  https://community.sophos.com/products/unified-threat-management/astaroorg/f/81/t/65615
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 AzRoN over 11 years ago

Currently yes it is.

The transparent AD-SSO implementation uses some redirections of client requests to then turn it into an 'explicit/standard' request so the UTM can authenticate.. however this intercepts 80 and/or 443 traffic... on all interfaces it seems.

SSL-VPN can still work!  but the WAF and AD-SSO in Transparent mode are incompatible when both enabled.

As such, when one is on, the other will complain when you attempt to also turn on the alternative function.

Apparently it'll be fixed in a future version.  Unsure of the mantis.

UPDATE: this link is worth a read!  https://community.sophos.com/products/unified-threat-management/astaroorg/f/81/t/65615
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

No Data