Hello, AD Integrated Web Protection seems to be a tricky topic, it's kicking my butt at the moment. Looking for any help here. Using UTM version 9.004-33 What I've Done. I believe these tasks are all that is neccesary to enable authentication. I've defined my authentication servers (2), I can enter my test user and have his group membership returned. Modification of group membership (remove from one group, add to another) is properly reflected I've enabled SSO, and have successfully joined to the domain (AD object was created) I've created group definitions, and limited their membership to backend groups I've selected using the picker control I have *not* checked to created users automatically For Web Protection, in Web Protection Profiles I've: Defined a Filter Action which specifies what to block Specificied a Filter Assignment assigned to the group created above Configured a Proxy Profile using my filter assignment, standard mode for proxy and AD SSO As far as I can tell, only the highest order proxy profile is being used, regardless of group assignment. What am I missing here? Thanks, Tim

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Multiple Profiles - No Effect

Hello,
AD Integrated Web Protection seems to be a tricky topic, it's kicking my butt at the moment. Looking for any help here.

Using UTM version 9.004-33

What I've Done. I believe these tasks are all that is neccesary to enable authentication.

I've defined my authentication servers (2), I can enter my test user and have his group membership returned. Modification of group membership (remove from one group, add to another) is properly reflected
I've enabled SSO, and have successfully joined to the domain (AD object was created)
I've created group definitions, and limited their membership to backend groups I've selected using the picker control
I have *not* checked to created users automatically

For Web Protection, in Web Protection Profiles I've:

Defined a Filter Action which specifies what to block
Specificied a Filter Assignment assigned to the group created above
Configured a Proxy Profile using my filter assignment, standard mode for proxy and AD SSO

As far as I can tell, only the highest order proxy profile is being used, regardless of group assignment.

What am I missing here?

Thanks,
Tim

This thread was automatically locked due to age.

Parents

0 Scott_Klassen over 12 years ago

Proxy profiles are an ordered list. The profile is the first thing that is checked from lowest number to highest (1, then 2, then 3, etc.), based on the source networks parameter (IP Addresses). If it finds a match, that's the profile which is used. What you want to do is to have multiple Filter Assignments, each with a different group or groups, linked to a single Proxy Profile (#1).
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Scott_Klassen over 12 years ago

Proxy profiles are an ordered list. The profile is the first thing that is checked from lowest number to highest (1, then 2, then 3, etc.), based on the source networks parameter (IP Addresses). If it finds a match, that's the profile which is used. What you want to do is to have multiple Filter Assignments, each with a different group or groups, linked to a single Proxy Profile (#1).
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data