We have the following topology, where the AD2008 R2 is hosted on a remote site. When enabled the user proxy profile with Active Directory SSO, with the deploy via GPO settings, we got the following error:
2012:04:12-17:00:22 ASG[6419]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="20.30.40.2" dstip="" user="piao" statuscode="407" cached="0" profile="REF_HttProPiaozada (Piaozada)" filteraction="REF_HttCffPiaozada ()" size="4635" request="0xa3f3ca8" url="http://br.msn.com/favicon.ico" exceptions="" error=""
1. Configured the Active Directory functional level to Windows 2003, nevertheless, problems continued.
2. Installed the AD2008 R2 (same server) on the same network segment as the Astaro customers, i.e. without going through the VPN. We have not had the error.
3. Configured the AD2008R2 to the functional level 2008 R2. We have not had the error.
4. Put back the remote site hosted AD2008 R2 with VPN, the problem returned.
Astaros has no blocking policy - Firewall: ANY-ANY-ACCEPT
5. We decided configure authentication of users as E-Directory, however, Web Proxy authentication in the Profile remains in Active Directory SSO. Didn't have error and all rules and policies have acted properly.
2012:04:13-13:13:18 ASG httpproxy[6607]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="20.30.40.2" dstip="216.157.17.164" user="piao" statuscode="200" cached="0" profile="REF_HttProPiaozada (Piaozada)" filteraction="REF_HttCffPiaozada (Piaozada)" size="28680" request="0x8fc9010" url="http://www.baboo.com.br/default2012.htm" exceptions="" error="" category="178" reputation="neutral" categoryname="Internet Services" content-type="text/html"l="http://www.google-analytics.com/ga.js" exceptions="" error="" category="178" reputation="neutral" categoryname="Internet Services"
6. could confirm if this is a bug when using IPSec VPN? In my opinion, we have the same configuration, but using different authentication method. :confused: After you disable and Directory, the rules still continued working. However SSO is configured for Active Directory and E-Directory.
Access ASGs - Backup Files:
Login: admin
Password: siemens
I look forward to a brief return.
Sorry for my Google Translator english! :-D
2012:04:12-17:00:22 ASG[6419]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="20.30.40.2" dstip="" user="piao" statuscode="407" cached="0" profile="REF_HttProPiaozada (Piaozada)" filteraction="REF_HttCffPiaozada ()" size="4635" request="0xa3f3ca8" url="http://br.msn.com/favicon.ico" exceptions="" error=""
1. Configured the Active Directory functional level to Windows 2003, nevertheless, problems continued.
2. Installed the AD2008 R2 (same server) on the same network segment as the Astaro customers, i.e. without going through the VPN. We have not had the error.
3. Configured the AD2008R2 to the functional level 2008 R2. We have not had the error.
4. Put back the remote site hosted AD2008 R2 with VPN, the problem returned.
Astaros has no blocking policy - Firewall: ANY-ANY-ACCEPT
5. We decided configure authentication of users as E-Directory, however, Web Proxy authentication in the Profile remains in Active Directory SSO. Didn't have error and all rules and policies have acted properly.
2012:04:13-13:13:18 ASG httpproxy[6607]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="20.30.40.2" dstip="216.157.17.164" user="piao" statuscode="200" cached="0" profile="REF_HttProPiaozada (Piaozada)" filteraction="REF_HttCffPiaozada (Piaozada)" size="28680" request="0x8fc9010" url="http://www.baboo.com.br/default2012.htm" exceptions="" error="" category="178" reputation="neutral" categoryname="Internet Services" content-type="text/html"l="http://www.google-analytics.com/ga.js" exceptions="" error="" category="178" reputation="neutral" categoryname="Internet Services"
6. could confirm if this is a bug when using IPSec VPN? In my opinion, we have the same configuration, but using different authentication method. :confused: After you disable and Directory, the rules still continued working. However SSO is configured for Active Directory and E-Directory.
Access ASGs - Backup Files:
Login: admin
Password: siemens
I look forward to a brief return.
Sorry for my Google Translator english! :-D