I have two groups setup in Active Directory, one called "Filter-FullAccess" and one called "Filter-PayPal". I then have under Filter Actions have a white list called "Websites For Everyone" and one called "PayPal". Under filter assignments I have three assignments: "Filter - PayPal" which is assigned the PayPal white list and Filter-PayPal group, "Filter - Full Access" which is assigned the Default Content Filter and the Filter-FullAccess group, and the last one called "Filter - Sites for Everyone" which is assigned to Authenticated users.
Based on the help file I have a single Proxy Profile called "Access for Users" as I only have one subnet and the users are all in it. In that profile I have my three filter assignments. Sites for everyone is first, PayPal is second, and full access is third. The default action is block. Here is what it looks like (it is the only profile):
Transparent mode enabled
Source networks: Any
Filter Assigments:
Filter - Sites Allowed For Everyone
Filter - PayPal
Filter - Full Access
Fallback action: Default content filter block action
Per the help file this should work but it doesn't. I am using Transparent proxy mode with Agent authentication because AD-SSO would not work (https://community.sophos.com/products/unified-threat-management/astaroorg/f/55/t/45791). I am logged in with a user in the "Full Access" group and I can verify the Astaro knows the user is in the right group (I have tested the users login against Definitions and Users -> Authentication Servers -> Servers). If I try to go to google.com (which is definitely in the default content) I get this:
2013:02:24-18:39:11 Firewall1 httpproxy[6510]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="10.0.0.23" dstip="" user="FullAccessUser" statuscode="403" cached="0" profile="REF_HttProFullAccesUsers (Access for Users)" filteraction="REF_HttCffSitesAllowFor (Sites Allowed For Everyone)" size="6475" request="0xaa87478" url="www.google.com/" exceptions="" error="" category="145" reputation="trusted" categoryname="Search Engines"
So it's not matching the first filter assignment. So I try PayPal and get this:
2013:02:24-18:41:18 Firewall1 httpproxy[6510]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="10.0.0.23" dstip="" user="FullAccessUser" statuscode="403" cached="0" profile="REF_HttProFullAccesUsers (Access for Users)" filteraction="REF_HttCffSitesAllowFor (Sites Allowed For Everyone)" size="6475" request="0xa9ae2d8" url="www.PayPal.com/" exceptions="" error="" category="145" reputation="trusted" categoryname="Search Engines"
Again it's not matching and since it's not in my "Sites allowed for everyone" group it gets blocked by default. But if I try something that is in the sites allowed list it works fine (weather.com in this case):
2013:02:24-18:43:17 Firewall1 httpproxy[6510]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="10.0.0.23" dstip="24.143.206.176" user="FullAccessUser" statuscode="200" cached="0" profile="REF_HttProFullAccesUsers (Access for Users)" filteraction="REF_HttCffSitesAllowFor (Sites Allowed For Everyone)" size="108585" request="0xaa6c330" url="www.weather.com/.../html"
Any ideas why this wouldn't work?
-Allan
This thread was automatically locked due to age.
