AD Security Groups

We are looking at using Sophos at our business and I am trying to setup a demo but I am running into some issues.

I want to be able to direct users to a content filter based on the AD OU or Security Group. I know you can do via IP subnet but I don't think that will work for us.

I have the following Setup:
Web Filtering - Global
Our Networks
Allowed Users and Groups - Active Directory Users
Authencation: Basic User.

When I hit a webpage I am able to login with my AD logins and gain access to the internet.

Filter Assignment:
Allowed Users/Groups - Content Filter Group of which I am a member.
Filter Action - WHITE LIST ONLY GROUP (one I made up)

FIlter Actions:
WHITE LIST ONLY GROUP
Mode: Block By Default
And I have a bunch of allowed sites listed.


Even with all the above setup when i hit the proxy the live log shows.
profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="9450" request="0xf717988"

I cannot find anything with Default Profile, I know there is a default block profile but the Default Profile is allowing all traffic.

What am I doing wrong?