This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

UTM 9 Home - Want to use iOS Client Auth - Network Agent Trouble

UTM 9.402-7 Home License

I'm configured OK so far, but would like to use the iOS Sophos Network Agent for easy authentication for my kids and wife.

Based on the info I found, I should be able to log on to the user portal, go to Client Authentication, and 'open with' the client cert into the Network Agent app. The problem is that on the user portal, I only have the option of Win EXE or Mac DMG. No certificate.

I've logged on to the admin console and loaded both the client auth cert and web browsing cert on my iPhone, and the profiles install OK, but the Network Agent doesn't recognize them.

Mac authentication went smoothly with the client from the user portal, and works as it should. Only thing left is the kid's iPads...

How do I get the cert loaded into the Network Agent app on my iOS devices?

Thanks.

This thread was automatically locked due to age.

Parents

0 Michael Dunn over 8 years ago

I think Daniel is confusing the Agent (something that lives in the task bar) with the Certificate Authority (something that allows a browser to accept the UTM as an authority to sign SSL certificates).

Sachin is confusing two different things both called Agent. For the XG there is an authentication agent that sits on the AD server.

The UTM Authentication Agent is not available for IOS devices. I believe the common mechanism people use is to make the DHCP binding permanent then associate a user with that IP. I don't know the exact steps/details but I beleive they have been posted here a few times.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Michael Dunn over 8 years ago

I think Daniel is confusing the Agent (something that lives in the task bar) with the Certificate Authority (something that allows a browser to accept the UTM as an authority to sign SSL certificates).

Sachin is confusing two different things both called Agent. For the XG there is an authentication agent that sits on the AD server.

The UTM Authentication Agent is not available for IOS devices. I believe the common mechanism people use is to make the DHCP binding permanent then associate a user with that IP. I don't know the exact steps/details but I beleive they have been posted here a few times.
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 Michael Dunn over 8 years ago in reply to Michael Dunn

Nope, I'm confused as well. :)

The UTM has an Authentication client for Windows and Mac.

The XG has an Authentication client for Windows, Mac, Linux, IOS, and Android. The latter two get installed through their app stores and configured via a "certificate" (though I don't know if this is an SSL certificate).

However what I wrote about using Users bound to IP is still true.
Cancel
Vote Up 0 Vote Down

Cancel
0 DanielFriedhoff over 8 years ago in reply to Michael Dunn

Thanks Michael.

The Sophos Network Agent ( Sophos Network Agent ) instructions say to log on to the user portal, click the Client Authenticate certificate, and choose Open With to open the cert with the Sophos Network Agent. This is what I'm unable to complete.

I understand now that the Sophos Network Agent is not for the UTM Home.

I'll try tying users to devices (static IP's) and see if that solves my problem. That will be easier than directing through the web portal.

Thanks.
Cancel
Vote Up 0 Vote Down

Cancel
0 DanielFriedhoff over 8 years ago in reply to DanielFriedhoff

I realize this is for XG, but what I found is a login restriction so that users can only authenticate from certain IP addresses. While this does bind users to a specific IP, it does not appear to remove the logon requirement.

https://community.sophos.com/kb/en-US/123041

Thanks.
Cancel
Vote Up 0 Vote Down

Cancel