With the release of 9.1, we are testing the Endpoint Web Protection feature, something we are very excited about. In doing so we've noticed however there are some discrepancies. I know this is new to the UTM so we expect a few hurdles.
For some background, we are running 2 UTM 625s in an HA cluster, version 9.101-12. Web Protection is setup using Standard Mode with AD SSO authentication. We tie a few groups on the UTM to various AD groups and in conjunction with Web Filtering Profiles provide proxy (via PAC) to our users on our private company network. Works beautifully I might add; extremely fast (db in mem), have not run in the CPU/Mem issues seen on various other posts, etc. (6 months in production).
We're testing Endpoint Protection, and prior to 9.101-12, we were just doing the basics available to us; virus and device control. No issues.
Now we're trying out the Web Protection Endpoint Protection feature now that it is available, so when our users go off network, we can continue to log/control where they can go - and we have run into a few bumps in the road.
** None of these issues exist when on the private network and using the proxy per normal **
Issues when off network using the End Point client:
1. Not all sub-categories in a category are blocked. Example: we have a category "Adult Oriented" - and under that we have ****ography, Provocative Attire, Nudity, and a few others. ****ography is blocked but Provocative Attire is not.
2. Web Protection Profiles are out the window. Example, I am in a "Power Users" group that allows me to go to certain sites. Fine when on private network via proxy, blocked when off network via End Point client. I have looked at the logs and I see where the End Point client sends my username a bit differently (domain\username) vs when on the private network via proxy just (username) is sent. Might have something to do with it, not sure.
Has anyone else tried this feature out? The browser messages indicating "site blocked" all have our custom logo/text, etc. Just the two issues I mentioned above.
I'm still in the process comparing logs, etc. Any thoughts on how to look into the LiveConnect cloud and see the Web Filtering setup?
Sincerely,
dmw
This thread was automatically locked due to age.
Guest User!
You are not Sophos Staff.
