
Authentication with local user

Hi,


I just installed Sophos XG. It works OK when I set it up in gateway mode.

I created local users and groups.

When I add a rule that these users/groups need to authenticate, nothing happens; I cannot open any website.

I can open the Sophos portal and log in with the local user accounts.

Is there a how-to to make a website authentication username/password before local users can browse the internet?



  • Rene,
    you can connect to https://xgaddress and download the client. In this way, users are authenticated automatically using the client on the computer/Mac.
    Otherwise, you should configure Captive Portal on your XG, and when someone tries to surf the internet, an XG page requests credentials.

    Luk
  • Hi Rene,

    You can achieve this by creating a policy rule at the bottom of the rule set that drops all unauthenticated traffic. The system behavior is that if a user attempts to access a resource and cannot as an unauthenticated user, then they will get an HTTP redirect to the captive portal on the appliance.

    Depending on the initial wizard execution, a rule that allows unauthenticated traffic may already exist. If this rule does indeed exist, you just need to change the action from "accept" to "drop".

    Please be aware that the redirection mechanism will not impact non-HTTP traffic such as network applications and HTTPS traffic. You may need to advise your users to open a public HTTP-based website or provide them with a link to the captive portal.

    Due to the above challenges, you may want to consider using the authentication client (as suggested to you in another post) or, if the network has this infrastructure, the SSO integration such as STAS with Active Directory or RADIUS SSO with WPA2 Enterprise Authentication in a WiFi environment.

    Thanks,

    Leon

    Leon Friend

    Sophos Sales Engineer

    Sophos XG Firewall - Certified Architect, Sophos Certified Engineer, Cyberoam CCNSE, Cyberoam CCNSP
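
One way to check, from a client that has not signed in, whether the drop rule and HTTP redirect described in the reply above are in effect. This is an added example, not part of the original thread and not Sophos code; the function names, result labels and the hostnames in the comments are constructed, and it assumes the probe URL normally answers without redirecting to another host.

```python
import http.client
from urllib.parse import urlsplit

REDIRECTS = (301, 302, 303, 307, 308)

def classify(requested_host, status, location):
    """Classify one plain-HTTP probe; status=None means no HTTP response at all."""
    if status is None:
        # Traffic was dropped without a redirect, so the user never sees the portal.
        return "blocked-no-redirect"
    if status in REDIRECTS and location:
        target = urlsplit(location)
        # A relative Location has no hostname and stays on the requested site.
        if target.hostname and target.hostname.lower() != requested_host.lower():
            # e.g. Location: http://fw.example.internal/portal (constructed value)
            return "portal-redirect"
        return "origin-redirect"
    if 200 <= status < 300:
        # The site answered directly: an "accept" rule still matches this client,
        # or the client is already authenticated.
        return "direct-access"
    return "other"

def probe(url, timeout=5):
    """Send one GET without following redirects and classify the answer."""
    parts = urlsplit(url)
    if parts.scheme != "http":
        # The reply above notes the redirect does not apply to HTTPS traffic.
        raise ValueError("probe a plain http:// URL")
    conn = http.client.HTTPConnection(parts.hostname, parts.port or 80, timeout=timeout)
    try:
        conn.request("GET", parts.path or "/")
        resp = conn.getresponse()
        status, location = resp.status, resp.getheader("Location")
    except (OSError, http.client.HTTPException):
        status, location = None, None
    finally:
        conn.close()
    return classify(parts.hostname, status, location)

if __name__ == "__main__":
    import sys
    # Usage: python probe.py http://<plain-http-test-site>/
    print(probe(sys.argv[1]))
```

A result of `direct-access` from an unauthenticated client indicates a rule above the drop rule is still accepting that traffic.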