
This discussion has been locked.

How to avoid domain authentication on allowed router IP?

 Hi,

I have Sophos Home edition on a machine, which uses AD authentication in user-based rules to allow internet. In addition to that, we have some IP-based rules as well for some devices that cannot be joined (or we don't want to join them) to the domain (for example routers, mobiles etc.).

Now the problem arises when a domain-joined laptop connects to a wifi router whose IP is opened for internet in IP-based rules.

The problem is that all devices connected to that router start getting a user authentication dialog box (picture attached).

Is there a solution to this issue? Any help is appreciated.



This thread was automatically locked due to age.
  • So there's a wifi-ROUTER (not AccessPoint?) within your internal network that uses NAT/masq?
    If so, you might use another interface on the Sophos firewall for that wifi network and use an access point without NAT. You can create a custom firewall rule for that specific network and DHCP on Sophos, ...

    If your wifi-device is not natting and wifi-devices get an internal IP, you cannot exclude your wifi-router's IP address. You need to exclude every wifi-device's address.

    If you want to keep your setup like that: you might change the order of your fw-rules, so IP-based rules are first.
    ...or create clientless-user and include in user-rules IP-based for your wifi-router.

  • Yes I want to keep my existing setup.

    It doesn't matter if the IP-based rule is first, because when a domain-joined laptop connects to the router, it starts sending authentication, which causes an authentication prompt on all the router's clients.

    And no client is installed on any users at all.

  • Is 172.19.0.5 the router IP or the firewall IP?


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003

  • Can you make us a simple network diagram of how it is connected with wifi-router and firewall?


    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.