Sophos UTM HTTP Proxy Does Not Work On Version 9.5
There is a known issue where the HTTP proxy with AD-SSO authentication in transparent mode does not work with Internet Explorer and Chrome after upgrading to Sophos UTM 9.5. Sophos are aware of this.
Resolution:
Upgrade to Sophos UTM 9.5 MR2 (9.502), which has been released and fixes this issue. Then, if possible, update to the latest current version.
A domain re-join is necessary to make AD-SSO work if you update to 9.502 and the appliance was rebooted between the 9.501 and 9.502 updates:
The re-join can be done following these steps:
- In the WebAdmin, browse to Definition & Users > Authentication Services > Single Sign-On.
- Type the username with an incorrect password in the Active Directory Single Sign-On (SSO) fields.
- Click Apply.
- Wait for the error message in WebAdmin (Joining the domain failed).
- On a domain controller, manually delete the UTM's computer account from AD, and sync the change to ALL domain controllers.
- Type the username with the correct password in the Active Directory Single Sign-On (SSO) fields.
- Wait for the confirmation message in WebAdmin (Active Directory SSO saved successfully).
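The domain-controller side of the deletion step (remove the stale computer account, then push the change to every DC and confirm it is gone before re-entering the correct password in WebAdmin) can be scripted. This is an added example, not part of the original article or Sophos documentation; it assumes an elevated PowerShell session on a domain controller with the ActiveDirectory RSAT module, and `UTM-HOSTNAME` is a placeholder for the name the appliance joined with.

```powershell
# Added example (not from the original article): remove the UTM's old computer
# account, replicate the deletion to all DCs, and verify each DC no longer has it.
# Assumptions: run elevated on a DC; ActiveDirectory module available;
# 'UTM-HOSTNAME' replaced with the appliance's real computer account name.
Import-Module ActiveDirectory

$UtmName = 'UTM-HOSTNAME'   # placeholder: the appliance's computer account name

# Use -Filter rather than -Identity so a missing account is reported, not thrown.
$acct = Get-ADComputer -Filter "Name -eq '$UtmName'" -Properties PasswordLastSet
if (-not $acct) {
    Write-Host "No computer account named $UtmName found; nothing to delete."
} else {
    Write-Host "Deleting $($acct.DistinguishedName) (password last set $($acct.PasswordLastSet))"
    # -Confirm:$false suppresses the prompt; drop it if you prefer to be asked.
    Remove-ADComputer -Identity $acct.DistinguishedName -Confirm:$false
}

# Push the deletion to every DC so the re-join does not race a replica that
# still holds the old account: /A all partitions, /e cross-site, /P push.
repadmin /syncall /AeP

# Check each DC directly; only re-join once every line reads 'deleted'.
Get-ADDomainController -Filter * | ForEach-Object {
    $hit = Get-ADComputer -Server $_.HostName -Filter "Name -eq '$UtmName'"
    '{0,-30} {1}' -f $_.HostName, $(if ($hit) { 'STILL PRESENT' } else { 'deleted' })
}
```

Waiting for the verification loop to report the account as deleted on every DC is the point of the "sync changes to ALL domain controllers" step: if the re-join runs while one DC still has the old account, the appliance can end up bound to a trust password that does not match the account it is later authenticated against.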
If the appliance has been rebooted between 9.501 installation and 9.502 upgrade, then re-joining will fix Kerberos authentication and ad-sync.
If the appliance has not been rebooted between 9.501 installation and 9.502 upgrade, then re-joining will fix ad-sync. Kerberos authentication would correctly work without re-joining.
The reason for this is that the machine password (which was changed via net ads changetrustpw) is lost during the mdw restart.

Duncan is a technology professional with over 20 years' experience of working in various IT roles. He has an interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.