Running ASG220 and ASG110 V 7.509. For last 3 years just running basic HTTP in transparent mode, no AD authentication. Works fine and have built a large list of Exceptions on the Global settings. Some sites are just content exempt, some allow .exe downloads, etc.
Now management wants to separate the hoi polloi from the hoi oligoi, i.e.; they want to access sites we mere mortals are not allowed to. So, it seems like SSO AD authentication is the only way to do this.
Thanks to all the user input here, especially this https://support.astaro.com/support/index.php/User_Contributed:HTTP/S_Proxy_Access_with_AD-SSO
I have been able to configure SSO and populate user groups based on AD OU's and create HTTP/S Profiles.
However, before pulling the trigger and forcing the use of the proxy with Group Policy I have a couple of questions. Before SSO, I had created a lot of locally authenticated users just for those people who use SSL VPN to work from home. Sadly, I used the same userid as their AD userid, although the ASG password is different. So, prefetch finds them as locally authenticated and does not import their AD credentials. Am I going to be required to delete all of those local accounts in order for the HTTP/S Profiles to work correctly? That means everyone will need to update their SSL VPN client? I suppose best practise is to create a different userid for home use of the VPN client. [:(]
Once I force the proxy, are all of the Exception lists invalid? There does not seem to be an equivalent in HTTP/S Profiles where I can control extension blocking vs category blocking, just an always allow URL list. The user posts regarding this seem inconsistent?
Seems like people have a lot of performance issues using SSO with HTTP/S Proxy. Are there any success stories where people are happy with this?
This thread was automatically locked due to age.
