I’m working on a new deployment for MWG 22.214.171.124.0 and I am hitting an issue with Coaching. I started with a canned policy from e2 (PreConfig.126.96.36.199.0-16052.Beta-3.2014-01-05.backup) and that has jumped started the process considerably (thanks). I’m using Kerberos to authenticate the users via the Explicit Proxy Authentication policy and that works great.
So the issue is adding coaching to the mix; I added the policy from the Rule Set Library (Coaching/Quota -> Coaching). One problem I have is: where should the policy be placed relative to the other polices? I noted that if the Coaching policy sits before the Authentication Rules, the coaching redirect fires and I can opt to accept the coaching session. OTOH, if I move Coaching below the Authentication Rules, it does not fire. I don’t get why that would be the case, maybe someone could explain the flow to help clarify that. [Edit] I think this was due to the coaching session time paramters. At the time I tested it, the timer was set for a day, thus no redirect page would fire.
The other problem is: what is the relationship between the “URL Category Blocklist for Coaching” and the “URL filter” rule set? If I put the Coaching policy in a place where the redirect works, and I accept the session, the URL filter rule will block the session because the default behavior is to deny that URL category. It seems to me that the Coaching rule set needs to be above the URL filter, and the filter policy must allow the session. So, in this case, the responsibility for meeting the policy falls back on the user.
I’m coming from a Smartfilter background and maybe I need to change the way I think about it, but my goal is to control access to the Coaching feature. So that if a user accepts coaching, they can override the URL filter that would otherwise block them. I will be adding an AD security group restriction once I get the basic feature to work. In addition for those who cannot use Coaching, the default URL policy should block them.
Below are some of the settings:
I’m hoping some of the seasoned Web Gateway admins can shed some insights.
Message was edited by: firemtn on 3/21/14 5:24:58 PM CDT
Message was edited by: firemtn on 3/21/14 5:26:30 PM CDT