AD non authenticated users are not blocked by the HTTP proxy

[Guest]

[conceptmedia]

Hello,
 
When the HTTP proxy is activated by joining a MS SRV AD, computers that have not joined the domain and do not have the browser proxy configured but have their network configuration according to the Green zone are able to go through the efw without any trouble without being blocked by the proxy.

Does anybody know of a way to create an access rule that prevents unauthenticated users to the domain AD to be blocked by the HTTP proxy?

Many thanks.

[Di4bLo]

As far as I know, if you use NTLM, the user logged to the computer is automatically used for the browser authentication.

[Eduardo]

Did you uncheck the HTTP and HTTPS traffic checkbox on the firewall?

[conceptmedia]

Hello, and thanks for your comments.

The HTTP and HTTPS proxies are enabled and do make their job if the computer/user has joined the AD domain and has the browser connection configured to use the firewall proxy.

But as I found out if this computer/user belongs to the green zone but has not joined the AD domain (so, it is on a workgroup) and the browser is not configured to use a proxy, the firewall let it go out trough the red zone without checking it.

There should be a way, in the firewall, to prevent users that are not joined to the domain to go through.

Thanks again.
JP

[Di4bLo]

You could remove the gateway from the network settings, you could disable the HTTP and HTTPS rules on the firewall or if you know the IPs you can create a deny rule on the firewall for computers that are not joined to the domain.
I use the first option.

[mmiat]

why you don't use transparent proxy?