EFW Support

Support => EFW SMTP, HTTP, SIP, FTP Proxy Support => Topic started by: conceptmedia on Friday 01 August 2014, 08:12:41 am



Title: AD non authenticated users are not blocked by the HTTP proxy
Post by: conceptmedia on Friday 01 August 2014, 08:12:41 am
Hello,
 
When the HTTP proxy is activated by joining a MS SRV AD, computers that have not joined the domain and do not have the browser proxy configured but have their network configuration according to the Green zone are able to go through the efw without any trouble without being blocked by the proxy.

Does anybody know of a way to create an access rule that prevents unauthenticated users to the domain AD to be blocked by the HTTP proxy?

Many thanks.



Title: Re: AD non authenticated users are not blocked by the HTTP proxy
Post by: Di4bLo on Sunday 24 August 2014, 07:59:33 am
As far as I know, if you use NTLM, the user logged in to the computer is automatically used for the browser authentication.


Title: Re: AD non authenticated users are not blocked by the HTTP proxy
Post by: Eduardo on Sunday 24 August 2014, 05:22:08 pm
Did you uncheck the HTTP and HTTPS traffic checkbox on the firewall?


Title: Re: AD non authenticated users are not blocked by the HTTP proxy
Post by: conceptmedia on Monday 25 August 2014, 07:43:18 am
Hello, and thanks for your comments.

The HTTP and HTTPS proxies are enabled and do their job if the computer/user has joined the AD domain and has the browser connection configured to use the firewall proxy.

But, as I found out, if this computer/user belongs to the green zone but has not joined the AD domain (so, it is on a workgroup) and the browser is not configured to use a proxy, the firewall lets it go out through the red zone without checking it.

There should be a way, in the firewall, to prevent users that are not joined to the domain from going through.

Thanks again.
JP



Title: Re: AD non authenticated users are not blocked by the HTTP proxy
Post by: Di4bLo on Tuesday 09 June 2015, 05:26:58 pm
You could remove the gateway from the network settings, you could disable the HTTP and HTTPS rules on the firewall, or, if you know the IPs, you can create a deny rule on the firewall for computers that are not joined to the domain.
I use the first option.


Title: Re: AD non authenticated users are not blocked by the HTTP proxy
Post by: mmiat on Tuesday 09 June 2015, 08:12:55 pm
Why don't you use a transparent proxy?