Is it true that you cannot use an Active Directory Backend group as a department for web filtering? I am surprised that with the AD integration that this feature is not there.
The departamental reporting only works with network definitions. Even you can select users and groups there, they only fill up if those users are authenticating by agent or on the VPN. The AD authentication (basic, SSO, whatever) do not link an IP address (remenber it's a network definition) with the login/user.
If your departaments are segmented in subnets, then you can use them do group the access instead of AD groups.
If you look at the web access logs, you can't find any information about what groups the user belongs. I don't think it will be a easy feature to deploy. And it's quite annoying when I have to explain to my clients that their firewalls don't group the web reports.
The departamental reporting only works with network definitions. Even you can select users and groups there, they only fill up if those users are authenticating by agent or on the VPN. The AD authentication (basic, SSO, whatever) do not link an IP address (remenber it's a network definition) with the login/user.
If your departaments are segmented in subnets, then you can use them do group the access instead of AD groups.
If you look at the web access logs, you can't find any information about what groups the user belongs. I don't think it will be a easy feature to deploy. And it's quite annoying when I have to explain to my clients that their firewalls don't group the web reports.
