Enable browser-based user authentication
Browser-based user authentication allows end users to authenticate to a firewall or virtual firewall using any standard web browser, or using external RADIUS or TACACS+ authentication servers.
End users usually authenticate through a VPN client, which requests the user to authenticate as needed. When the VPN client is used, successful authentication opens a VPN tunnel.
End users can alternatively open an authentication page in a web browser. The end users can authenticate using encrypted HTTPS connections as well as plain HTTP connections. Browser-based user authentication is configured in the properties of the firewall. The IPv4 Access rules for allowing authentication connections are not included in the Firewall Template Policy. You must add a rule that allows this traffic in the firewall’s policy. You must also add IPv4 Access and Inspection rules to enable redirection of unauthenticated HTTP connections to the logon page.