Is it possible to authenticate web categories in the navigation profile on XG Firewall

Hi all!!!

I am migrating Firewall Fortigate settings to a Sophos XG.

I want to know if Sophos XG has the function of authenticating web categories within a navigation profile? for example, assigning a group of web categories authentication mode this means that when several users consult the categories and reach a quota limit request a domain user authentication or local user firewall.

The Fortigate device has this function and I want to know if Sophos XG has it?
I attached an examp le, see the image.

  • Hi,

    simple answer is no.

    I would suggest you talk to your reseller/partner about the use of policies in XG.


  • The simple answer is no...  but maybe.  It depends on what you are trying to do.  Since I don't know the Fortinet functionality and you don't really explain it, I cannot give exactly what you want.

    Here is a one of the things the XG can do.


    If you want to allow access to all categories with any authentication, but certain categories require authentication and get quota.

    Configure the system for captive portal authentication.  Configure AD.

    On the firewall rule, do not enforce authentication.  Select the web policy.

    In the web policy have most of your rules apply to "Everyone", which means that they apply to unauthenticated user.s

    Have the following rules

    Sales Team | File Sharing | Quota 

    Everybody | File Sharing | Block


    So an unauthenticated user comes in and hits the block rule.  This gives them a block page - which contains a link to the captive portal.  The click the link to log in.  The page reloads and if they are a member of the Sales Team AD group they are now allowed with quota.

    This can also be done with AD SSO, which is attempted before the block page.  If all your users are members of AD this is smoother.  But in that scenario, why not just do AD SSO from the beginning.