The Client Authentication Agent (CAA) is a lightweight agent whose sole purpose is to authenticate users with the XG Firewall. It is the preferred option for authenticating users on the local network for MAC-based login restriction. Several operating systems are supported: Windows, Mac, Linux 32-bit and 64-bit.
This article describes the configuration and improvements of the Client Authentication Agent in SFOS v17.5.
Note: When two different authentication mechanisms are applied to the same user, such as CAA and Synchronized User ID, the current behavior is that the first login is used until the second login arrives. The second login logs the user off from the first authentication mechanism and logs the user on through the second authentication mechanism, which explains some logon/logoff events seen in event logs.
Applies to the following Sophos products and versions: Sophos Firewall
User database: Local, AD, LDAP, RADIUS, TACACS+, or eDirectory.
Strict authentication allows the XG Firewall to associate the user account with the IP address and the group policies. This is required for the Client Authentication Agent to work.