I am currently looking for a lean solution to build a rule per firewall that only applies to authenticated users. I have connected the firewall to the AD and installed the "Client Authentication Agent" on the (Windows) client. The user authenticates himself against the AD via the firewall, and the rule with "Match known users" takes effect. So far everything is fine.
The small hook comes now. The whole thing must run on 40 firewalls. For the whole thing to work with multiple firewalls, I would have to import the "ClientAuthentication_CA" certificate from each firewall into the client. Then I would have 40 Sophos CA certificates on each client, which I would consider very unattractive.
I have used the CLI (/conf/certificate/internalcas/ClientAuthentication_CA.*) on a test box to replace the certificates with the certificates from another box. When I then try to download the certificate in webadmin, I get the new certificate. However, the authentication itself still has the old certificate. So unfortunately, it is not so simple...
Is there a way to export the "ClientAuthentication_CA" certificate of one firewall and import it into the other firewalls?
[edited by: Erick Jan at 9:40 AM (GMT -7) on 19 Sep 2023]