Hi Folks,
I am writing this a second time since I got logged out while writing my first attempt which then got "lost" when I wanted to preview it. [:@] so this is my second try (stripped version, less bla):
I have a brandnew UTM for my home network. I am highly interested in the Proxy Profile feature since I have a little brother (nine years) with his own laptop (Windows 7, own profile/password). I don't have any directory services in my network, so i have local users on the UTM. I want to get rid of the FireFoxPlugin Pro Con Latte which until now handled URL Filtering for my brother.
A short description of what I wanted to accomplish:
"minor" users have to use a profile with strict URL-filtering. grown up users have a less strict profile. Authentication for known users is done via SAA since no directory server is available. Guest users cannot authenticate and should have an even stricter profile with advanced virusscanning.
Here's what I setup, I hope this is comprehensible:
- UTM version 9.006
- I've created two user groups "minors" (including my little brother) and "grown ups" including me
- I've distributed the SAA to the clients, auth seems to be working fine according to the log
- I've put very strict settings into the main web proxy, since I want this to be the fallback for guests (default filter action)
- I've setup two filter actions:
-- "grown ups" (less strict, no URL blocking)
-- "minors" (very strict, lots of blocking)
- I've created two new filter assignments
-- "grown ups, less strict" with the corresponding users and filter actions
-- "minors, very strict" with the corresponding users and filter actions
- I've setup two proxy profiles (in that order):
-- Position 1. "LAN guest proxy": Source: Internal Network, no filter assignments, fallback is default filter action, OP Mode transparent, no authentication
-- Position 2. "LAN SAA-authenticated proxy": Source: Internal Network, filter assignments 1. "minors" 2. "grown ups", fallback is default filter action, OP Mode transparent, authentication via agent (hence the first proxy, since unauthed users (guests) would have gotten a blocked content info, is this a correct approach?)
The problem I'm expriecing: Every client, authed or unauthed seems to apply the fallback action with the strictest proxy (the main proxy). It doesn't seem as if my filter assignments match. AFAIK the UTM applies rules by first match and exits. I think this is some sort of "wrong order" matter. Maybe you have an eye for that and can point me to the right direction or even find the flaw I've built into the setup.
Any help is highly appreciated and also thank you for reading and taking your time for my issue. If you need additional info like screenshots or logfiles, please let me know.
Best regards
smueff
This thread was automatically locked due to age.
