Virtual Secure Web Gateway

DCInterface is installed and working ok on the DC, user names are being recognised in the reports and filtering works as per the policies we've put in place for AD groups and groups of users, however there is still a significant category of "Not Authenticated" users showing in the Web Destinations reports. Drilling down I can see the hostname of the desktop is there and it looks ok, but for some reason it's not picking up the user name for these sessions.

The only constant is that the "Top Applications by hits" is 100% HTTPS, but reading up on this there shouldn't be any issue with SWG applying policies and reporting to HTTPS traffic?

Suggestions?

Hi Mike,

A few trouble shooting questions to look at:

1)  Do you have DCinterface installed on all Domain Controllers users are logging into? 
2)  Is the service running on all of the installed DCs?
3)  Are you logging the necessary events (540 and 672) on the DCs?
4)  If this is a brand new install of DCinterface, it may take a day or so for all users to cycle logins for DCinterface to pick everything up.

If those 4 don't lead to anything, I'd recommend contacting support.

Hi,

I have the same problem as Mike...

I have looked at the troubleshooting questions you suggested Sergi...

1) Yes
2) Yes
3) Yes
4) It was installed a few weeks ago

The one (big) difference we have is that my client is in the process of changing domain...we have installed the DCinterface on the two new DCs...but, in theory, all info is replicated between the two domains so there shouldn't be a problem should there?!

My client wants to create a policy so that only domain users can access the internet but obviously with this problem there are many users that dont appear, hence the SWG can't see what group (OU) they are in so it appears they are not in the domain...hence no internet access for valid domain users! Understandably he is not too keen on this happening!

Don,

In your case, I'd want to specifically take a look at what may be occuring because the change in domains may be causing an issue.  Is DCinterface on the new domain as well?  Only way to know for sure would be to have Support take a look at it.

What you are asking should definitely be possible - just have to sort whether or not SWG is getting all the logins (which it appears is not happening).

Hi,

DCInterface is ONLY on the new domain...and the majority of users are still on the old domain...although many show up in SWG.

Don - that would definitely cause an issue - DCinterface monitors the AD event log for login events.  If it's not installed on the domain users are logging into, we won't see the login events.