Sonicwall NSA 2400 Content Filtering for Groups issue
Posted on 2010-11-22
We deployed a Sonicwall NSA 2400 appliance in order to take advantage of Content Filtering per groups.
I've noticed that in order for CFS to work properly when SSO Agent checks which user is logged in to the machine, Windows Firewall needs to be disabled. I applied a GPO to disable Windows Firewall. Sometimes the GPO doesn't apply properly, so I have batch files that users can run in case the GPO doesn't apply.
I have 3 groups for Content Filtering:
Full Access (most of categories allowed)
While Full Access is the group with the most rights, I still do not want this group to stream music or access YouTube. Therefore I created the 4th group, "Full Access w Streaming".
The Default policy is the most restrictive, so if SSO Agent can't verify the user name vs. group, then no websites are accessible.
The problem recently is that from time to time SSO Agent can't determine the user logged in to the machine and therefore applies the Default policy. I have SSO Agent running on two separate boxes....
I checked that Windows Firewall is disabled, also looked at Symantec logs (nothing found in SEP logs), verified that even IPv6 is disabled.
When I log in to the Sonicwall appliance and look at User Status, I see that from time to time users are applied with the "Default" policy and that other policies (which should be applied to them, "Full Access" well, they somehow do not apply).
So far the workaround that I found is to disconnect the user's session directly from Sonicwall -> Users, then have the user log off and log back in. I'm not sure why this is happening; what else should I be looking for?
Any way to refresh the SSO Agent session without me having to log in to the appliance and disconnect the user? (Sometimes logging the user off or restarting the PC doesn't help, until I manually disconnect the user from Sonicwall.) I understand that restarting the PC should take care of it, but somehow Sonicwall hangs on to it and even after a restart the "Default" policy is still applied.
I spoke with Sonicwall as SSO Agent kept throwing errors that relate to Windows Firewall being enabled, but that was the only solution that Sonicwall provided.... I know that Windows Firewall is disabled and Sonicwall are unable to offer another solution or a workaround...
Any ideas are greatly appreciated...