we plan to use a (first) MWG 7.2 for authentication and logging and then send all the traffic to another (second, next hop) MWG 7.2 where filtering and scaning will be done.
It's also requried to have different regulations for users, depending on which AD groups they are members of.
Authentication is done by using NTLM and an Active Directory.
I've already implemented the "Get Group Membership from Downstream Proxy" on the second MWG, which should work if the first MWG would send the group information to the second MWG...
Documentation only says it assumes that the first proxy is already configured to send group memberships in a "X-Autrhenticated-Groups" header,
How can I configure this?
I added the screenshot to the rule set documentation. I think it may help to at least show an example, even if the exact setup is not described in that document.