Is it true that you cannot use an Active Directory Backend group as a department for web filtering? I am surprised that with the AD integration that this feature is not there.
If you're asking about Reporting, that's correct - you can't create a Department using an AD Backend Group. I'm pretty certain that there's a feature request for it though: UTM (Formerly ASG) Feature Requests: Hot (1183 ideas)
If you're taking about Web Filtering Profiles, then you can, and it's easy.
Thank you for confirming. I saw the feature request was in but there did not seem to be movement on it for a while.
My dilemma now is that I would like to get departmental reporting but these users I create do not seem to link up even though I selected backend AD for them.
when I created the user, I used first.last which is our login name format. Do I need to include the full domain as first.last.domain.local?
I am going to try editing some of the and create a could fresh ones for results.
My webprotection filtering is on the AD group So my thinking is that I need to create the user with the full name.
I don't see what you're suggesting. How many users do you have? Are the Departments already defined in AD? You won't want to create local users in the UTM.
The departamental reporting only works with network definitions. Even you can select users and groups there, they only fill up if those users are authenticating by agent or on the VPN. The AD authentication (basic, SSO, whatever) do not link an IP address (remenber it's a network definition) with the login/user.
If your departaments are segmented in subnets, then you can use them do group the access instead of AD groups.
If you look at the web access logs, you can't find any information about what groups the user belongs. I don't think it will be a easy feature to deploy. And it's quite annoying when I have to explain to my clients that their firewalls don't group the web reports.
Thank you for the replies. That does make sense. Management wants a report of what the people do by department but, this is a want, not a need. we do have departments on different VLANS but, it is not consistent. I will not be adding the agent to the systems just yet so this will be a back burner issue for us.
Rather than adding the Agent, just sync your uses from the AD to the UTM. You then can add the synced users to local groups that should work just fine with Reporting - as I recall.
