Question concering web filtering.
I have a home license and set up a box with 5 nics: 1 wan and 4 lans for four seperate networks: [wired], [wireless], [voip] and [dmz].
I am trying to set up web filtering for the [wired] network with multiple filtering profiles - three profiles for different sets of users. I have not been able to get it to work correctly and in searching the forum have not found a solution
The wired network (192.168.100.x) contains both windows domain users and non-domain users. Astaro authenticates domain users with AD SSO authentication. I am trying to set up three seperate filtering profiles to apply on the wired network for two seperate AD user groups [Domain User Group 1] and [Domain User Group 2] as well as non-AD users (with filtering applied to specific machines for which there are Network definitions).
Web filtering profiles are set up as follows:
(1) Filter Profile 1
[Domain User Group 1]
[wired network]
[AD SSO authentication]
[Filter action 1]
Fallback filter action is [Filter action 3]
(2) Filter Profile 2
[Domain User Group 2]
[wired network]
[AD SSO authentication]
[Filter action 2]
Fallback filter action is [Filter action 3]
Default Filtering Profile
[wired network]
[transparent proxy]
BLOCK ALL ACCESS (whitelist only)
If Filter Profile (1) and (2) both active:
Domain User Group 1 - filtering using [Filter Action 1] works fine.
Domain User Group 2 - applies fallback profile of (1) Filter Profile 1 - [Filter action 3] rather than using seperate filtering profile which contains those users [Filter Profile 2]
Non-AD users have net access. (I am not sure if no filtering is done or if [Filter Profile 1] is applied). The [Default Filter Profile] BLOCK ALL is not applied.
If Filter Profile 1 is inactive and Filter Profile 2 is active, then:
Domain User Group 2 - applies [Filter Profile 2] as expected
Domain User Group 1 - applies default Filter Profile of (2) Filter Profile 2
Non-AD users have net access. (I am not sure if no filtering is done or if or [Filter Profile 2] is applied). The [Default Filter Profile] BLOCK ALL is not applied.
In searching the forum, I have found references which state only 1 filtering profile will work on a single network. The filtering profile that will work is the first profile invoked.
Is this correct? Is there a way to have three seperate filtering profiles on a single network; one each for [Domain User Group 1], [Domain User Group 2] and [non-AD users]?
I wish to set up seperate Filter Profiles for [Domain User Group 1] and [Domain User Group 2] as well as block certain non-AD users (blocked by network definition for specific machines) and allow other non-AD users (again by network definition for specific machines) If only one Filtering Profile is allowed per network, then I would be limited to 2 filter actions (the Profile rule action and default action) rather than the 3 or 4 actions sought.
[I note if I set up a seperate filtering profile for a different network [i.e, wireless] that seperate filtering profile works as expected.]
This thread was automatically locked due to age.
