Web Filtering Profile doesn't appear to be applying correctly.
Hi,
I have run into a problem when experimenting with the Web Filtering Profiles in UTM 9.111-7.
We ultimately want to apply Web Filtering policies per department using the AD group a user is a member of. I have set up the groups in the UTM to sync with the relevant group on the AD server, but for now I'm just testing with individual AD synced users.
We have several subnets across our sites, and with some users travelling between sites, I don't want any of the filtering policies to apply to the subnet the user is on, but to the user themselves.
I've set up a couple Filter Actions, with different block rules (one blocking spotify, the other BBC). Then I have created a couple Filter Assignments with one of the Filter Actions applied to each, and included an AD synchronised user on each. Finally, I created the Proxy Profiles, applying each profiles to all of our subnets (since in production the user could be on any subnet), and a relevant Filter Assignment.
I am one of the users that is applied to one of the filters, and to check the filters are working, I have been applied to both, one at a time.
The problem I am experiencing is that my user is only assigned to one of the filters, but if I enable the other filter (with only a different user on it now), it seems to be applying that filter to me still. In the Proxy Profiles list, this second filter is above the one that should be applying to me.
I'm under the impression that the UTM will go through the filters from top to bottom and apply the first one that the user is assigned to and apply it? Therefore, it should be skipping the one I'm not a member of, and applying the next one in the list that I am a member of?
I'm wondering if there's some sort of cache or delay when a user is moved from one filter to another? Restarting the browser between this doesn't seem to help, however disabling the filter I'm not a member of takes effect immediately.
I've included screenshots of the configuration, and hope that someone can explain what's going on here?!
Basically, in the screenshots, profile2 should be applying to me (I am not a member of profile1, but have been in the past). With profile1 disabled, profile2 applies to me fine, but when profile1 is enabled, it still seems to be applying to me instead of filter2.
Thanks in advance for the time you've taken to read through my waffle above and any suggestions you can offer!
If anything isn't clear enough, or you need more information, please let me know and I will provide it.
Edit: Sorry, forgot to mention that both profiles are set to 'Standard' operation, and 'Active Directory SSO' for authentication.
This thread was automatically locked due to age.
