Recently we have purchased the Webwasher appliance and are facing few issues importing the ealier configuration settings.
There are Two things I would require your opinion and guidance on,
1. We need to allow few users to have access to few authorized sites other than the standard access.These users are already part of standard internet access.
2. Although we have a Web Mapping Configured, we have received complaints from many of the users about "No Authorization" and "No User Mapping" related messages. can you please guide me how to troubleshoot user mapping related issues?
Highly appreciating your support,
Thank you for your question.
The first step in achieving this is to isolate the group of users whom need special access to their own policy.
Once they have their own policy you must determine the best method for allowing the type of traffic so they can reach their destination.
One quick example, if you are blocking say the "gambling" category but your users need access to a site categorized as such:
However, to answer part of your question. When a user receives the error message "No Authorization this means the user failed mapping to a policy.
How are you authenticating users?
on 11/18/10 9:45:04 PM CSTon 11/18/10 9:46:32 PM CST
Sorry for a very late response and thanks for the answer.
User mapping is still an issue.
We are using NTLM authentication for the Users and additional input I can provide is, in error page we see either the URL or the IP address against the User name Value. I think this is the main reason of User Mapping failure, Bu t I am not able to find the culprit. is it the browser (IE or Firefox) or the proxy?
Guide me pls.
maybe the ntlm-auth-requests ran into an overload-condition at the domaincontroller. you should consider to cache ntlm-requests for better performance. I'm not sure about the exact location of this configuration option, but you can easily find it if you enter ntlm in the 'search' field at the config panel.
hope this helps
Gerhard[Addendum] this is true for mgw 6.8.x - maybe for mgw 7.0 there are other options to achieve the same thing.
maybe you should rise the ntlm-cache-ttl. we have defined 300secs = 5min here. another thing to consider: how many dc's per domain do you have defined under 'user mgmt - windows domain membership'? for backup and maybe performance reasons you should have two dc's defined at least.
and for the network side you should also check the interfaces and their speed and duplex. sometimes there are differences between switchport and eth-speed/duplex.
otherwise I'm clueless
I will try increasing the TTL as guided by you.
As far as DCs are concerned, we have configured THREE DC servers under the authentication.
Anyhow, Thanks a lot for your valuable time.
I will post any update in the issue.