Web filtering by device and SSL Scanning

I am trying to create a network, where Windows devices will do a full SSL Webscanning and Android would do a standard scanning. 

Using device-specific scan (without user authentication), it seems like Android is filtered out - but not iOS? Is it a fault it works and you just basically use this to set up device authentication or am I missing something?

Thanks
René



This thread was automatically locked due to age.
  • René, I do this without Device-Specific by creating a Web Filtering Profile in Standard mode and then leaving the Default in Transparent.  Configure the Windows devices to use the Proxy and they will be handled by the Profile.  Since the smart phones are not configured to use the Proxy, they will be handled by the Default.  There are other ways to accomplish what you want, but I believe this is the easiest way.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob.

    Thanks for your answer - and yes, this was my first solution. But I need this to be 100% transparent to the end users, so another solution would be a better solution. :o)

    Regards

    René

  • René, it can be transparent if you have Active Directory.  See my KB article, HTTP-S Proxy Access with AD-SSO.

    Making the difference be HTTPS scanning requires either a separate wireless network for the smart phones or what I suggested above.  I'd be glad to learn that I'm wrong though!

    Cheers - Bob

     
  • Thanks Bob.

    Will look at the integration with A/D - although this only solves it for the "internal" network. Looking at the setup, it should be possible to do a device specific version as you can select no authentication, but I just found that it doesn't work at all - as I had a device that was not able to access SSL pages.

    So even though it looks like UTM is able to do it - it doesn't work, and it doesn't make sense that the configuration allows this. So yes - we can do additional VLANs for specific pieces of hardware - but that would be a workaround that would be a bit messy to maintain.

    Cheerz and thanks again

    René

  • Finally had the time to go through your link.

    This is basically the same as when I enter the proxy by hand, although I can apply the proxy settings through GPO. Still can't figure why I can set device and SSO with transparent mode, when this is ignored? Or am I missing something?

    Cheerz in return.

    R
