Currently Backend authentication hotspot type is not supported in XG,

you can report this feature request at  feature.astaro.com/.../330219-sophos-xg-firewall

I already did, but I have not gotten any response

http://feature.astaro.com/forums/330219-sophos-xg-firewall/suggestions/11057526-configure-hotspot-users-for-backend-authentication

As there is a planned feature parity with the UTM at the later half of this year, at least by H2-2016 this feature should be implemented and may not require a feature request as this should be covered by that.

There is a backend authentication system you can use called the Client Authentication portal which you can use to redirect users after accepting a Terms of Use Hotspot type: http://docs.sophos.com/nsg/sophos-firewall/v15010/Help/en-us/webhelp/onlinehelp/index.html#page/onlinehelp/WebClientPortalEdit.html#

I've used this successfully in various scenarios wherein I've setup a Network Rule (No User Identity to block them) and I reconfigured the Global Block message to also include if they're connecting to XYZ wireless they need to go to http://XGIP.com:8090 and log in. Then you can create a User Policy that applies to the group of users or use existing ones you already have in you Security Policy system.

It's not perfect and I can't wait till the Client Auth Portal is integrated with the backend authentication because this will open a world of possibilities that the UTM just can't do right now.

Hope that helps,

Emile

As there is a planned feature parity with the UTM at the later half of this year, at least by H2-2016 this feature should be implemented and may not require a feature request as this should be covered by that.

There is a backend authentication system you can use called the Client Authentication portal which you can use to redirect users after accepting a Terms of Use Hotspot type: http://docs.sophos.com/nsg/sophos-firewall/v15010/Help/en-us/webhelp/onlinehelp/index.html#page/onlinehelp/WebClientPortalEdit.html#

I've used this successfully in various scenarios wherein I've setup a Network Rule (No User Identity to block them) and I reconfigured the Global Block message to also include if they're connecting to XYZ wireless they need to go to http://XGIP.com:8090 and log in. Then you can create a User Policy that applies to the group of users or use existing ones you already have in you Security Policy system.

It's not perfect and I can't wait till the Client Auth Portal is integrated with the backend authentication because this will open a world of possibilities that the UTM just can't do right now.

Hope that helps,

Emile