Dear All,
we have a couple of SWGs (5.0.2) configured in proxy blocking mode with LDAP authentication. We've adopted the DC Interface authentication method, and we've defined a set of content/URL filtering policies based on AD groups/OUs. Domain controllers run on a win2003 o.s.
Everything is working fine except for the case hereafter described.
If we login on a machine with USER-1 (belonging to GROUP-A), the SWG proxy identifies the user, and then applies the expected policy for that user. After that we login on the same machine with USER-2 (belonging to GROUP-B), and the gateway does not recognize the user ... SWG keeps on applying the policy associated to USER-1 with the potential negative effect for USER-2 of being denied access on a set of web sistes (s)he should be allowed to visit.
If we check the SWGs' reports section (Reports -> Search -> Search by hostname), we still see on the report the first user (USER-1) associated with the machine.
I've attached an example of the SWG report: you can see that on the host named *ts-w3e6-019-011.ar-ent.net* the last authenticated user identified by the gateway is AR-SrvAccount (an administrative user), and to that user the BLOCKAll policy has been applied which prevents Internet access. The behaviour is wrong since administrative users should be allowed access to almost every site; Internet access should be restricted only to a limited set of accounts ...
We were wondering the reason of this behaviour; it's really annoying into our environment, especially if you consider that we have a number of users (about 450-500) which accee our systems via Microsoft Terminal Services (RDP).
Can you please hel us solving ?
Regards,
Sonia