To use browser-based user authentication, you must define some IPv4 Access rules.
Note: To redirect HTTPS traffic, you must enable TLS decryption for the traffic.
You must define the following IPv4 Access rules:
- An Access rule that allows all clients to access the logon page.
- An Access rule that allows authenticated users to establish HTTP or HTTPS connections.
- An Access rule that redirects unauthenticated HTTP or HTTPS traffic to the logon page.
Steps
- Open the Firewall Policy for editing and add the following IPv4 Access rules:

Table 1. Example Access rules for unauthenticated HTTP connections

| Source | Destination | Service | Action | Authentication |
|---|---|---|---|---|
| ANY | IP addresses of interfaces through which users can authenticate. | HTTP, HTTPS (Port settings must be the same as defined in the User Authentication settings for the NGFW Engine.) | Allow | |
| ANY | IP addresses of network services that require authentication. | HTTP, HTTPS | Allow | Users or User Groups who are allowed to access services, and appropriate Authentication Methods. |
| ANY | IP addresses of network services that require authentication. | HTTP, HTTPS | Refuse. Connection tracking: Default. Response: redirect to the logon page. | |
- Install the policy to transfer the changes to the engine.
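
The order of the three rules in Table 1 matters, which the following added example illustrates with a small Python model (it is not product code and does not use any Forcepoint API). It assumes that rules are evaluated top-down with the first match deciding, that a rule with an Authentication cell matches only authenticated users, and that unmatched traffic is discarded; the IP addresses and rule names are constructed.

```python
# Toy model of the three Access rules in Table 1 (not Forcepoint code).
# Assumptions: rules are evaluated top-down, the first matching rule decides,
# a rule with an Authentication cell matches only authenticated users,
# and traffic that matches no rule is discarded.
from dataclasses import dataclass
from typing import Optional

LOGON_IPS = {"192.0.2.1"}        # constructed: interface serving the logon page
SERVICE_IPS = {"198.51.100.10"}  # constructed: service that requires authentication
WEB_PORTS = {80, 443}            # HTTP and HTTPS

@dataclass(frozen=True)
class Rule:
    name: str                    # hypothetical label, not a product field
    destinations: frozenset
    action: str                  # "allow" or "refuse+redirect"
    requires_auth: bool = False

@dataclass(frozen=True)
class Conn:
    dst: str
    port: int
    user: Optional[str] = None   # None means the client has not authenticated

TABLE_1 = [
    Rule("logon-page", frozenset(LOGON_IPS), "allow"),
    Rule("authenticated", frozenset(SERVICE_IPS), "allow", requires_auth=True),
    Rule("redirect", frozenset(SERVICE_IPS), "refuse+redirect"),
]

def evaluate(rules, conn):
    """Return (rule name, action) of the first matching rule."""
    for rule in rules:
        if conn.port not in WEB_PORTS or conn.dst not in rule.destinations:
            continue
        if rule.requires_auth and conn.user is None:
            continue             # Authentication cell does not match; keep going
        return rule.name, rule.action
    return "no-match", "discard"

def check_order(rules):
    """Flag a redirect rule that shadows an authenticated Allow rule below it."""
    problems = []
    for i, upper in enumerate(rules):
        for lower in rules[i + 1:]:
            if (upper.action == "refuse+redirect" and lower.requires_auth
                    and upper.destinations & lower.destinations):
                problems.append(f"{upper.name} shadows {lower.name}")
    return problems
```

With the rules in the order of Table 1, `check_order(TABLE_1)` returns an empty list; placing the redirect rule above the authenticated Allow rule makes it report the shadowing, because authenticated users would then be redirected to the logon page as well.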