Web Protection: Terminal Server Support for Authenticated Transparent Proxy
At the moment, the Transparent proxy works by associating credentials with the IP of the "user". Unfortunately, this means that the first Person who authenticates from a Terminal server (like Citrix) authenticates all Users from this Terminal server. Can you change this to Cookie Based or something so authentication works for multiple users sharing the same "IP"?
I'm not sure how it might be accomplished, but it sure would be cool to have...
Setting up a Terminal Server to work in explicit proxy mode avoids this problem.
We have the same problem. The first User on Citrix auth all other users. :-(
That is bad!
Scott Storck commented
too bad this is declined. that way you block people from showing how important this is.
!!! imo a really poor decision !!!
it should not be hard to allow the UTM to reach out and talk to the SAA running on a terminalserver, to check which program and therefore which user is using the port.
...novell bordermanager did this back in the 90's...
explicit proxy mode is not really an option for some customers
Alex Hargrove commented
Isn't this accomplished with the Client Authentication agent?
I'm on 9.1 now and still miss this feature. Is there anything planned for future releases?
Chip Severance commented
Yes! Fortigate can do this - would love to see Sophos add this feature!