Sophos Web Appliance with Remote Users

Hello,

I'm currently testing the Sophos Virtual Web Appliance with the Endpoint Web Control functionality. I have a query as to how the Active Directory group handling works for remote users.

If I create a policy to allow members of the "RemoteSupport" AD group to access www.logmein.com - and a remote user is a member of this group, they are able to access the site as expected. However, if I then remove the user from the AD group, force an AD sync on the appliance, and then attempt to access the site on the remote laptop again - it remains accessible. It seems not until the remote machine has updated the user's AD group membership does the site become blocked. However, as the user is remote, they may not connect to the domain for a few days.

Is there any way around this, other than specifying policy based on user name rather than group membership (not ideal)?

Many thanks,

Tom

  • Hi Tom,

    Welcome to SophosTalk.

    Unfortunately, I think this is expected, because user/group association is done locally on the endpoint rather than synched from the appliance.  

    If you needed to urgently allow someone access to a site you can allow them as a user but not as a group.  

    Unless your users have a method to connect to the domain remotely (such as VPN) I can't see a way around this.

    Thanks,

    TomA.
