Application control user groups

Is there any way to block an application for all networks, but allow it if the user is a member of a specified AD group? It's possible to create a rule that allows access and add the AD group to the "For" field, but that doesn't seem to work.
The proxy allows the use of groups but the application filter doesn't?


  • It doesn't allow you to add a group object, but a (User Network) object, which means that the user must be pre-authenticated using SAA (Sophos Authentication Agent) software.

    Yes, you are right, SSO is for now possible only for Web Filter.
  • I've tested v9.4 in transparent mode, and even using SAA it seems that Application Control rules only see IP addresses but not User or Group Networks.

    Is this a bug or a missing feature? I can confirm that using SAA a User Network definition is created/updated in UTM when the user logs in to the client machine.

    But if I select this user network in the Application Control rule, it's not applied. Otherwise, if I select the IP machine network, the rule is applied correctly.

    Considering that, can you confirm that it is not currently possible to use Application Control on a per AD user/per AD group basis?

    Regards,

    William.

  • Hi,

    Greetings. 

    You cannot configure Application Control to restrict AD Users, but you can select or add networks or hosts to the FOR box whose network traffic is to be controlled by this rule.

    This applies only to source hosts/networks.

    You can define the IP address of the User(s) to allow the access explicitly.

    I personally feel that this requirement can be raised as a Feature Request, please raise it here: http://feature.astaro.com

    Thanks

    Sachin Gurung