I seem to basically have the grasp of what I need to do and have about 95% of it set up but I'm failing somewhere.
Here's my scenario:
I have essentially 5 classes of user that have 5 different types of access needed.
POS Stations, Marketing, Admin/Mgmt, Std Domain Users, non-authenticated users (transient users from other offices that are not on local domain).
Right now, the default web filter is set to Transparent authentication mode and I have a balance of sites that are viewable but we need to lock it down a little more.
Configuration:
Users -> Groups: I created groups that have backend membership into the AD to cover Security Groups from the AD that I want in each user class.
HTTP/S Profiles -> Filter Actions: Created appropriate filter actions for each access class.
HTTP/S Profiles -> Filter Assignments: Created unique filter assignments for the access classes and assigned a corresponding filter action and user group to them.
HTTP/S Profiles -> Proxy Profiles: Created an OfficeLAN Profile to handle everyone on the Internal Network and added the Internal Network as a Source Network and the various filter assignments mentioned above. I set the fallback option to Default filter action and Operation Mode to Active Directory SSO. I placed them in order from most to least restricted.
It doesn't appear to be blocking/allowing what it should based on the user. I also saw a few instances where it wasn't picking up the username and was prompting them for their domain login which when entered would not authenticate.
This also would have no affect on the users that are not authenticated on the domain and not connected to the proxy. I need to be able to allow them to put in a username and password to get access to the appropriate sites for their user class (ie, a marketing person from another site would get access to the marketing groups approved sites), or just a default filter if they don't have a username.
I'm certain I'm close but I haven't configured this part of an ASG before so it's a tad foreign.
Your help is appreciated as always.
Joe J
This thread was automatically locked due to age.
