Enable browser-based user authentication
Browser-based user authentication allows end users to authenticate to a firewall or virtual firewall using any standard web browser, or using external RADIUS or TACACS+ authentication servers.
End users usually authenticate through a VPN client, which requests the user to authenticate as needed. When the VPN client is used, successful authentication opens a VPN tunnel.
End users can alternatively open an authentication page in a web browser. The end users can authenticate using encrypted HTTPS connections as well as plain HTTP connections. Browser-based user authentication is configured in the properties of the firewall. The IPv4 or IPv6 Access rules for allowing authentication connections are not included in the Firewall Template Policy. You must add rules that allow this traffic to the firewall’s policy. You must also add Access and Inspection rules to enable redirection of unauthenticated HTTP connections to the logon page.