Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 3 replies
  • Subscribers 39 subscribers
  • Views 2208 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Authentification Client Router IP

Freddy86

Hello,

we shortly changed our routing layout to a 2 zone firewall design. We've got a xg330 Cluster that's connected to our ISPs and behind it, connecting lan and mpls is a XG450.

 

 

 

After some starting trouble with routing and firewall rules, it is working fine. The only thing that buthers me is authenticating the ad users. The authentification client uses it's default gateway to authentificate. Is there a way to change this behaviour? Today i implemented STAS and we will try this, but the authentification client would be my prefered way to authenticate.

 

What would be the best way to solve this?



This thread was automatically locked due to age.
Parents
  • +2

    Hi  

    CAA uses to connect XG for authentication on IP (1.2.3.4 on port 9922). 

    Sophos listens to authentication requests on UDP port 6060 or 9922.

    If you want to authentication client network users to XG330 with CAA(client authentication Agent) then you can disable "client Authentication" in XG450 from Device Access.

    and create firewall rule in XG450 to allow traffic from client network to XG330 cluster with service as UDP 6060 and UDP 9922.

    Hardik R 
    If a post solves your question use the 'Verify Answer' link.

  • 0 in reply to Hardik_R

    Thank you. This solved it :)

Reply Children
Unfiltered HTML