Hello,
I have downloaded the 30days trial of the Security Gateway version 8.301 to evaluate the product and I need some help in order to configure it.
I have an Active Directory running on a W2003 Server.
What I am trying to do is the following:
I want different user groups to have different access levels. I know I can achieve that through "Web filtering Profiles". I have made a setup which I'll analyze later, and I am getting an "Authentication Failed" on the user's browser!
In order to configure it I followed the steps bellow (Some steps might be unnecessary, I am not sure...):
1. In WebAdmin, "Definition and Users"->"Network". I created my Domain Controller. Type:Host, Interface: Any
2. My DC is also a DNS server. So I put it as a forwarder in "Network Services" ->DNS->Forwarders.
3. In "Network Services" ->DNS->Request Routing I created a new DNS request giving my full domain name (domain.local) and the DC as a Target Server.
4. In "Definition and Users"->Authentication->Server tab I added the DC. Both tests passed.
5. In "Definition and Users"->Authentication->SSO tab I joined the device to the domain. Current status "Joined Domain".
6. In "Definition and Users"->Authentication->Advanced tab in the "Prefetch " section, I selected the domain controller and the users group to be fetched daily.
7. In "Definition and Users"->Authentication->Global Settings I ticked the "create users automatically" (not sure why) and also ticked "Client Auth." and "Web filter".
8. I created a group in In "Definition and Users"->Users->Group tab, named test, group type: "Backend membership", backend: "AD", ticked "limit to " and added the user group with the users I wanted.
9. "Client Authentication" is disabled in "Definition and Users"->Client Authentication
10. Enabled Web Filtering in "Web Security"->Web Filtering->Global tab, in allowed networks put "Internal Network" and "Transparent Mode" with no "Authentication".
11. In "Web Security"->Web Filtering->URL Filtering tab, I clicked on "Block Content that does not match the criteria below" because I want my default rule to be block all.
12. In "Web Security"->Web Filtering Profiles->Filter Actions tab I created a filter with some restrictions.
13. In "Web Security"->Web Filtering Profiles->Filter Assignments tab I created a new filter assignment. Named it Test, added the group which I selected it from the prefetched groups and put as "filter action" the previously selected filter action.
14. In "Web Security"->Web Filtering Profiles->Proxy Profiles tab, I created a new profile, named it Office, source network: internal, filter assignments: the previously created, fall back action:default filter action, Operation Mode: standard, Authentication Mode: AD SSO.
From the User side now, I just put the Astaro's IP as a gateway and in IE settings, proxy server, I put astaro.domain.local in port 8080. (astaro is the name of my Gateway). Also ticked "Bypass proxy for local addresses".
In any page I put (apart from my intranet page) I get an Access denied: Authentication failed error .
What am I missing ?
Thank you in advance and forgive me for the long message but I wanted to include every step I did
I have downloaded the 30days trial of the Security Gateway version 8.301 to evaluate the product and I need some help in order to configure it.
I have an Active Directory running on a W2003 Server.
What I am trying to do is the following:
I want different user groups to have different access levels. I know I can achieve that through "Web filtering Profiles". I have made a setup which I'll analyze later, and I am getting an "Authentication Failed" on the user's browser!
In order to configure it I followed the steps bellow (Some steps might be unnecessary, I am not sure...):
1. In WebAdmin, "Definition and Users"->"Network". I created my Domain Controller. Type:Host, Interface: Any
2. My DC is also a DNS server. So I put it as a forwarder in "Network Services" ->DNS->Forwarders.
3. In "Network Services" ->DNS->Request Routing I created a new DNS request giving my full domain name (domain.local) and the DC as a Target Server.
4. In "Definition and Users"->Authentication->Server tab I added the DC. Both tests passed.
5. In "Definition and Users"->Authentication->SSO tab I joined the device to the domain. Current status "Joined Domain".
6. In "Definition and Users"->Authentication->Advanced tab in the "Prefetch " section, I selected the domain controller and the users group to be fetched daily.
7. In "Definition and Users"->Authentication->Global Settings I ticked the "create users automatically" (not sure why) and also ticked "Client Auth." and "Web filter".
8. I created a group in In "Definition and Users"->Users->Group tab, named test, group type: "Backend membership", backend: "AD", ticked "limit to " and added the user group with the users I wanted.
9. "Client Authentication" is disabled in "Definition and Users"->Client Authentication
10. Enabled Web Filtering in "Web Security"->Web Filtering->Global tab, in allowed networks put "Internal Network" and "Transparent Mode" with no "Authentication".
11. In "Web Security"->Web Filtering->URL Filtering tab, I clicked on "Block Content that does not match the criteria below" because I want my default rule to be block all.
12. In "Web Security"->Web Filtering Profiles->Filter Actions tab I created a filter with some restrictions.
13. In "Web Security"->Web Filtering Profiles->Filter Assignments tab I created a new filter assignment. Named it Test, added the group which I selected it from the prefetched groups and put as "filter action" the previously selected filter action.
14. In "Web Security"->Web Filtering Profiles->Proxy Profiles tab, I created a new profile, named it Office, source network: internal, filter assignments: the previously created, fall back action:default filter action, Operation Mode: standard, Authentication Mode: AD SSO.
From the User side now, I just put the Astaro's IP as a gateway and in IE settings, proxy server, I put astaro.domain.local in port 8080. (astaro is the name of my Gateway). Also ticked "Bypass proxy for local addresses".
In any page I put (apart from my intranet page) I get an Access denied: Authentication failed error .
What am I missing ?
Thank you in advance and forgive me for the long message but I wanted to include every step I did