Rules with AD users

sp_david · Mar 21, 2016, 2:41 PM

Hi All,
i'm a newbie on pfsense and i'm trying to figure out how to create firewall rules to filter traffic based on AD users.
I have 3 different AD domains and i want to have only one proxy server to filter Internet traffic on them.

Any suggestions is appreciated.

Thanks

David

muswellhillbilly · Mar 21, 2016, 2:54 PM

You can't filter firewall traffic using AD policies, but you can selectively filter web traffic (http/https) via Squid proxy using AD group membership, if that's what you're after.

sp_david · Mar 21, 2016, 3:10 PM

thanks for your quick reply muswellhillbilly. Yes that's exactly what i want.
Filter traffic in our environment based on AD users/groups

Thank you again

muswellhillbilly · Mar 22, 2016, 9:08 AM

There are any number of howto's on this topic, but here's one to be getting on with:

https://www.howtoforge.com/debian-squeeze-squid-kerberos-ldap-authentication-active-directory-integration-and-cyfin-reporter

From what I understand, it's possible to set AD authentication using Squid/Squidguard on the PFS directly, though I haven't done this myself. If you have a look at the packages involved they ought to be self-explanatory, though there are similar posts to these elsewhere on the forum.