Web filtering security certificate warning

Hi guys,

So we currently run Cisco (OpenDNS) Umbrella and are wanting to do away with it for web filtering. We have a virtual appliance whereby all client computers point to it for their DNS. If it's a local DNS query, it will forward the request to the on-prem AD/DNS server; if not, it will apply the correct web filtering policy based on browser authentication. This works well, but it won't do antivirus and we figure that we already have an SG210 so we may as well use it.

I would like a base filter that applies to all devices (BYOD/smart devices/domain joined/not domain joined etc.). Then we have a student filter (defined by AD group).

I'm having an issue with trying to get the web filtering to operate correctly using browser authentication. When I enable the web filtering, we get a certificate error and we can't resolve DNS. I figure that this is because the client DNS servers are set to the AD/DNS, and the DNS queries aren't handled by the UTM? We need to have the primary DNS server being the AD/DNS server in order for AD to operate correctly. 

I can only test this stuff out of hours as it's a working environment. Would the correct way of setting this up be to have the AD as the DNS, and its forwarders set up to point ONLY to the UTM? I spent a lot of time mucking around with it but just couldn't get it going quite right.

Any help appreciated, thanks.



  • Hi, Loudsy, first I've seen you here - here's a belated welcome to the UTM Community!

    It sounds like you might want to use both DNS best practice and Configuring HTTP/S proxy access with AD SSO. The latter article is aimed at Standard mode but 98% of it applies to Transparent mode, too.

    Cheers - Bob

    PS I've moved this to the Web Filtering forum based on the title you gave it.

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA