9 comments

Add a comment…

Sign in

prestine

Your email address

Check!

invalid email

(thinking…)

Reset

or sign in with

• 
• 

UserVoice password

Forgot password?

Create a password

Your name

I agree to the terms of service

Signed in as (Sign out)

Close

Close

Post comment Submitting...

• Martin Herbert commented  ·  December 21, 2011 10:07 p.m.  ·  Flag as inappropriateFlag as inappropriate  ·  Delete

  I need this feature too. We need to add snat to our users for access a special external network. Because we use dhcp, we need to edit our snat's after changing user workstations to hold the functionality. The webproxy of astaro reads the ip from the usersource/userdirectory (edir/ads). It would be very helpful to add this ip to the remotely authenticated user object.
  Thank you

• AdminAngelo Comazzetto (Product Ninja, Sophos Features & Ideas Laboratory) commented  ·  July 8, 2011 11:56 a.m.  ·  Flag as inappropriateFlag as inappropriate  ·  Delete

  Hi Gabryel. Note that isn't the same thing. In this case, the user request for this feature is to have the proxy authentication map over to a user object for other uses. We in 8.200 will map IP's to users if they make use of the Astaro Authentication Agent, but simply authing against the HTTP proxy won't trigger the same thing in the user object.

• gabryel976 commented  ·  July 5, 2011 11:21 p.m.  ·  Flag as inappropriateFlag as inappropriate  ·  Delete

  Included in 8.200 - official release on 21st of July 2011

• Dmitry commented  ·  July 4, 2011 9:44 p.m.  ·  Flag as inappropriateFlag as inappropriate  ·  Delete

  Please, make it possible to map users to IP for IM/P2P policing

• Dmitryi commented  ·  July 4, 2011 9:43 p.m.  ·  Flag as inappropriateFlag as inappropriate  ·  Delete

  We desperately need this feature!

• Marco Feuerstein commented  ·  October 28, 2010 9:31 a.m.  ·  Flag as inappropriateFlag as inappropriate  ·  Delete

  Okay we also need this feature.
  We want User-Based Paketfilter Rules instead of IP-based.
  So if Astaro would identify the user over the Proxy Function it would be awesome!

  Our workaround in the moment is a dial in via OpenVPN, also from inside of the network. So we can configure user-based policies for special needs.

• MM commented  ·  August 22, 2010 2:57 p.m.  ·  Flag as inappropriateFlag as inappropriate  ·  Delete

  it´s urgent needed like Cisco´s way to give users the ability for flexible useraccess to internal ressources.

• gabryel976 commented  ·  August 22, 2009 6:39 p.m.  ·  Flag as inappropriateFlag as inappropriate  ·  Delete

  If you wanna configure a packet filter rule based on user and NOT ip address, there is NO chance to have it right now. Having a great authentication module, there are many customers with dozen of PCs that have NOT a fixed IP address configure on each PC, but only DHCP, that would like to allow whole internet traffic in based of who is surfing internet.

  Many competitors have this feature already, and in my opinion it's a key feature, since ASTARO is able to map in the middleware (so in the packet filter rules) the user's IP address is provided by the ASG, such ROAD WARRIOR IPSEC VPN with IKE config turned (IKE CONFING is a kind of DHCP over VPN) or SSL VPN. If you configure an STATIC IP address in a USER object, this ip address will be mapped in the middle once the IPSEC connetion will be triggered. At the same time, would be very useful and confortable to have the same thing when a user authenticates himself agaist the HTTP PROXY, since the HTTP PROXY knows user and IP address is trying to estabilish a connection with it.

• Bob Alfson commented  ·  July 27, 2009 8:34 a.m.  ·  Flag as inappropriateFlag as inappropriate  ·  Delete

  What problem are you trying to address? How is this different from existing functionality?