AD Connector & Policy Manager when a default rack exists

[JeffVCS]

Hello All,

I recently inherited a network at K-12 school.
They've been adding static IP entries for staff to bypass the filter, but I'm going to have to change the IP range for the network, and don't want to add 50+ static entries back in.

I have the AD connector up and running, I have the login script pushed down via GPO and I see entries in the AD connector.

My question: All of the tutorials for Policy manager show using a new install. I've got an existing install and all the current rules are on the default rack & policy.

I've tested building a second rack, tying different groups to the default rack and policy, but I can't seem to get the group for staff to bypass the filter.

I'm sure I'm doing something wrong. I've used Untangle before, but never the paid version. (It was one of the reasons I got hired!)

Thoughts?

[sky-knight]

Configure the Default Rack with your restrictive web filter. Configure a new Staff rack with the open filter for the staff to use. Use policy manager to route an AD group into the Staff rack.

Dig into the AD connector and make sure the users are actually listing in the user / IP table. If they aren't, your script is not working right.

Also, if you have all of that stuff, you should have a support bundle. Call UT support and let them help you sort it out.

[JeffVCS]

The users are listing in the User/IP table, so I know the script is working correctly.

As for the other part, I did it the opposite way.

I assigned my students group to the default rack, and had a less restrictive rack with no groups assigned.

I'll try it the other way and see if I get different results.

And if that doesn't, then I call support.

[JeffVCS]

Got it working!

I noticed that the settings on the default rack policy had been changed (for no good reason) when I fixed that, it started working.

[sky-knight]

It's always something simple!