I am migrating Firewall Fortigate settings to a Sophos XG.
I want to know if Sophos XG has the function of authenticating web categories within a navigation profile. For example, assigning an authentication mode to a group of web categories, meaning that when several users consult the categories and reach a quota limit, it requests a domain user or local firewall user authentication.
The Fortigate device has this function and I want to know if Sophos XG has it. I attached an example, see the image.
Simple answer is no.
I would suggest you talk to your reseller/partner about the use of policies in XG.
The simple answer is no... but maybe. It depends on what you are trying to do. Since I don't know the Fortinet functionality and you don't really explain it, I cannot give exactly what you want.
Here is one of the things the XG can do.
If you want to allow access to all categories with any authentication, but certain categories require authentication and get quota.
Configure the system for captive portal authentication. Configure AD.
On the firewall rule, do not enforce authentication. Select the web policy.
In the web policy, have most of your rules apply to "Everyone", which means that they apply to unauthenticated users.
Have the following rules:
Sales Team | File Sharing | Quota
Everybody | File Sharing | Block
So an unauthenticated user comes in and hits the block rule. This gives them a block page, which contains a link to the captive portal. They click the link to log in. The page reloads and if they are a member of the Sales Team AD group they are now allowed with quota.
This can also be done with AD SSO, which is attempted before the block page. If all your users are members of AD this is smoother. But in that scenario, why not just do AD SSO from the beginning?
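
The rule order and login flow described in the reply above, modeled as an added Python example (not from the thread, and not Sophos configuration or API). It assumes rules are evaluated top-down with the first match winning and that categories with no rule are allowed; `evaluate` and `browse` are illustrative names.

```python
# Added illustration: a toy model of ordered web-policy rules, not Sophos XG code.
from dataclasses import dataclass

EVERYBODY = "Everybody"  # matches any user, authenticated or not


@dataclass(frozen=True)
class Rule:
    who: str       # AD group name, or EVERYBODY
    category: str  # web category
    action: str    # "quota" or "block"


# The two rules from the post, in the order given.
POLICY = [
    Rule("Sales Team", "File Sharing", "quota"),
    Rule(EVERYBODY, "File Sharing", "block"),
]


def evaluate(policy, groups, category):
    """Return the action of the first matching rule (assumed top-down, first match).

    groups is the set of AD groups of the logged-in user; an empty set
    models an unauthenticated user, who can only match EVERYBODY rules.
    """
    for rule in policy:
        if rule.category != category:
            continue
        if rule.who == EVERYBODY or rule.who in groups:
            return rule.action
    return "allow"  # assumed default for categories with no rule


def browse(policy, category, login_groups):
    """Model the flow: first request, block page, captive-portal login, reload.

    login_groups is the user's AD groups if they log in, or None if they
    never follow the captive-portal link. Returns the action seen on each load.
    """
    first = evaluate(policy, frozenset(), category)
    if first != "block" or login_groups is None:
        return [first]
    # The block page links to the captive portal; after login the page reloads.
    return [first, evaluate(policy, frozenset(login_groups), category)]
```

Reversing the two rules makes the "Everybody" block match first, so a Sales Team member stays blocked even after logging in; the group rule has to sit above the catch-all.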