?
Solved

Sonicwall content filter, users keep getting default policy

Posted on 2016-10-18
7
Medium Priority
?
56 Views
Last Modified: 2016-11-22
Hi
 We are using a Dell Sonicwall NSA 4600 on Firmware  SonicOS Enhanced 6.2.6.0-20n, we use the content filtering module on it to restrict users website access , using SSO and LDAP to AD.
 Through out the day users will randomly lose their internet policy and get the default policy blocking majority of websites. I have found by locking and unlocking the PC it restablishes the policy and they can continue in the majority of scenarios to browse the internet again.

 I have disabled AV (SEP) and it still happens, all users are on Windows 7.

Any help would be appreciated!

Thanks
0
Comment
Question by:adviceplease
  • 4
  • 3
7 Comments
 
LVL 32

Expert Comment

by:masnrock
ID: 41849028
Have you checked the power management settings on the network cards?

Another way you could try doing the policies is by MAC address and IP. However, this also assumes that users are not sharing machines...
0
 

Author Comment

by:adviceplease
ID: 41850243
No its not power management settings as the users are using other applications at the time

MAC address /IP is not an option due to the size of the estate

thanks
0
 
LVL 32

Expert Comment

by:masnrock
ID: 41850379
Do multiple users share machines? SSO doesn't work well with switching users. You'd have to make sure each user signs off, and the new user signs in.

You may also want to look at excluding service accounts, as even Sonicwall has admitted it's caused issues for them:
https://support.software.dell.com/kb/sw5589
0
Restore individual SQL databases with ease

Veeam Explorer for Microsoft SQL Server delivers an easy-to-use, wizard-driven interface for restoring your databases from a backup. No expert SQL background required. Web interface provides a complete view of all available SQL databases to simplify the recovery of lost database

 

Author Comment

by:adviceplease
ID: 41857059
the users effected aren't using multiple machines. all have HP laptops

is random but happens to a lot of people throughout the day,everyday

if these users lock their machines and unlock using their domain credentials again , it works

very frustrating!
0
 
LVL 32

Expert Comment

by:masnrock
ID: 41867445
Just noticed your last post. However, I'd suggest that you check to see if there is a communication issue between SSO agent and the server. That seems to be the most likely cause.

However, at this rate, if you still have the support, I'd contact the support engineers at Sonicwall.
0
 

Accepted Solution

by:
adviceplease earned 0 total points
ID: 41868586
Hi All
 Several issues here that i have now resolved and all working.

If the Domain User Profile has been copied from another Domain user when originally created , Sonicwall policies don't like the profile deleted the profile and changed the name slighly, no further issues

for the majority of the other users the fix was :

- make probe to WMI first on the SonicWALL and also on SSO agent.

- To Make WMI probing first goto Firewall users -> Settings -> sso agent -> configure -> users tab -> Probe users for select WMI and hit apply/ok.

so needs changing on both SSO agent (might be a dedicated server or on your DC's) and the actual Sonicwall

in some cases it can be firewall on the endpoints, you need to make sure TCP/UDP 1726,135,445 and 139 on windows firewall and Client AV on all machines aren't blocked
0
 

Author Closing Comment

by:adviceplease
ID: 41876003
found out for myself........
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For anyone that has accidentally used newSID with Server 2008 R2 (like I did) and hasn't been able to get the server running again because you were unlucky (as I was) and had no backups - I was able to get things working by doing a Registry Hive rec…
Wouldn't it be nice if objects in Active Directory automatically moved into the correct Organizational Units? This is what AutoAD aims to do and as a plus, it automatically creates Sites, Subnets, and Organizational Units.
This Micro Tutorial will give you basic overview of the control panel section on Windows 7. It will depth in Network and Internet, Hardware and Sound, etc. This will be demonstrated using Windows 7 operating system.
The viewer will learn how to successfully download and install the SARDU utility on Windows 7, without downloading adware.
Suggested Courses

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question