I don't think that will work transparently, but I haven't ever tried anything like that. I think the SonicWall can differentiate between an account is authenticated via the SSO agent and one that is authenticated locally. Even if the account name is the same in each directory, the user will have to authenticate against the firewall somehow to experience the benefit of the dedicated filtering policy.
What I did is create a generic local account called 'bypass' that bypasses all content filtering. All of my users know the associated password and can use it when running across a blocked site. The local login time is set to 30 minutes when using that account (quite lengthy, I'll admit), so eventually they go back to 'being themselves' instead of 'bypass'. That may not be an appropriate solution for your org, but it has worked pretty well for us. Anyone can bypass the filter, but they rarely do unless they need to. Having to positively input credentials, even generic ones, goes miles toward preventing unwanted Internet activity. And I work for a very small org., there's only 2 of us in IT, etc., etc., etc. On Fri, Sep 14, 2012 at 2:21 PM, James Kerr <[email protected]> wrote: > Heh guys, > > > In other words, I doubt it. But, I haven't ever tried it. > > I know there are more then a few of you on here with Sonicwall firewalls > and maybe you can answer my question. As far as content filter polices go, > will local user policies override local groups? For example, if I have an > AD security group that is assigned a certain policy but I have one user > that's in the group that needs a different policy then the others can I > just import his account into local users and assign that user the policy I > want? That makes sense to me but things don't always make sense. > > James > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
