I have several ASG 6.3 devices and am using them in an Active Directory environment for firewalling and proxying.
I have been using the HTTP proxy in Active Directory mode and it is working great. However, one site had one user who decided he didn't need to follow the rules and started trying to find his way around the firewall, so he started using Firefox, which would allow him to remove his proxy settings (IE is locked down to prevent this). This only worked because I had a rule which allowed all traffic from the internal network out to anywhere. This rule was put in place because of several web applications we are required to use (maintained by people who seem to think I do not need to know all of their active IPs and ports), and it would also allow people who are not assigned to that site to get web access without having to set their proxy properly until I could roll their site out (then they would just be using their assigned site's proxy).
I have removed that rule so that people not pointing to the proxy cannot get web access anymore. I was wondering if there was a way of forcing all HTTP traffic through the proxy (transparent mode) while using Active Directory mode. I have tried NAT rules but they just break the Active Directory authentication. Would I be better off assigning the proxy to each station manually versus through Active Directory?