This discussion has been locked.

Web protection with Active Directory integration and client not domain-joined

Hi guys, I'm running Sophos UTM 9.407-3 joined to a Windows 2012 R2 Active Directory.

Domain-joined clients can successfully surf the web with Sophos Web Filtering enabled (transparent mode) with Active Directory SSO authentication.

Non-domain-joined clients can't open the Sophos authentication webpage (the single-name URL). I've tried enabling "GlobalNames DNS Zone" on my Domain Controllers, but non-domain-joined clients fail to resolve the Sophos UTM name.

My point: can I enable Web Filtering (transparent mode) for non-domain-joined clients without authenticating them to Active Directory? I don't care to ask them to authenticate; guests can just browse the Internet. What I need is reporting for domain-joined clients.

Any workaround or alternative solution is welcome.

Thanks for the help, guys.

 

Marco



  • Do you have 'Block access on authentication failure' selected in Web Filtering?

    It turns out that you can have two profiles for the same subnet, the first in Standard mode and the following one in Transparent.  If that approach interests you, Configuring HTTP/S proxy access with AD SSO might be helpful.

    If you're considering transitioning to Standard Mode, you also might be interested in a document I maintain that I make available to members of the UTM Community, "Configure HTTP Proxy for a Network of Guests."  If you would like me to send you this document, PM me your email address.

    Cheers - Bob

  • Hi Bob, I've disabled 'Block access on authentication failure', but non-domain-joined clients failed to resolve the Sophos UTM hostname since they look for the NETBIOS name, not the FQDN name.

    Thanks for the document that you linked, but I would like to use the "transparent" mode, not Standard.

    Thanks for any info, 

     

    Marco