Enable redirection of unauthenticated HTTP or HTTPS connections

To use browser-based user authentication, you must define some IPv4 or IPv6 Access rules.

Note: To redirect HTTPS traffic, you must enable TLS decryption for the traffic.

You must define the following IPv4 or IPv6 Access rules:

  • An Access rule that allows all clients to access the logon page.
  • An Access rule that allows authenticated users to establish HTTP or HTTPS connections.
  • An Access rule that redirects unauthenticated HTTP or HTTPS traffic to the logon page.

  For more details about the product and how to configure features, click Help or press F1.

Steps

  1. Open the Firewall Policy for editing and add the following Access rules:
    Table 1. Example Access rules for unauthenticated HTTP connections

    | Source | Destination | Service | Action | Authentication |
    |---|---|---|---|---|
    | ANY | IP addresses of interfaces through which users can authenticate. | HTTP, HTTPS (Port settings must be the same as defined in the User Authentication settings for the NGFW Engine.) | Allow | |
    | ANY | IP addresses of network services that require authentication. | HTTP, HTTPS | Allow | Users or User Groups who are allowed to access services, and appropriate Authentication Methods. |
    | ANY | IP addresses of network services that require authentication. | HTTP, HTTPS | Refuse. Connection tracking: Default. Response: redirect to the logon page. | |

  2. Install the policy to transfer the changes to the engine.
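
The following Python sketch is an added example, not part of the product or its documentation. It models the three rules of Table 1 and checks that each connection type receives the intended action, assuming top-down, first-match evaluation and that a rule with a filled-in Authentication cell matches only authenticated users. The addresses, rule names, and the functions `evaluate` and `check` are constructed for illustration.

```python
from ipaddress import ip_address, ip_network
from typing import NamedTuple

# Constructed sample values (documentation address ranges), not taken from the page.
LOGON_IP = "192.0.2.1"        # interface through which users authenticate
SERVICE_IP = "198.51.100.10"  # a service that requires authentication
WEB_PORTS = {80, 443}         # HTTP and HTTPS on assumed default ports

class Rule(NamedTuple):
    name: str
    dest: str                 # Destination cell, as a CIDR network
    action: str               # "allow" or "redirect" (Refuse + redirect response)
    needs_auth: bool = False  # True when the Authentication cell is filled in

TABLE_1 = [
    Rule("logon-page", "192.0.2.1/32", "allow"),
    Rule("authenticated", "198.51.100.0/24", "allow", needs_auth=True),
    Rule("redirect", "198.51.100.0/24", "redirect"),
]

def evaluate(rules, dst, port, authenticated):
    """Return (action, rule name) for the first rule the connection matches."""
    for rule in rules:
        if port not in WEB_PORTS or ip_address(dst) not in ip_network(rule.dest):
            continue
        if rule.needs_auth and not authenticated:
            continue  # assumption: an unmet Authentication cell means no match
        return rule.action, rule.name
    return "no-match", None   # handled by whatever rules follow in the policy

def check(rules):
    """Probe the rules with the three connection types the logon flow relies on."""
    probes = [
        ("logon page, unauthenticated", LOGON_IP, False, "allow"),
        ("service, authenticated", SERVICE_IP, True, "allow"),
        ("service, unauthenticated", SERVICE_IP, False, "redirect"),
    ]
    problems = []
    for label, dst, authenticated, want in probes:
        got, _ = evaluate(rules, dst, 443, authenticated)
        if got != want:
            problems.append(f"{label}: got {got}, want {want}")
    return problems

if __name__ == "__main__":
    print(check(TABLE_1))  # rules in the order of Table 1
    print(check([TABLE_1[0], TABLE_1[2], TABLE_1[1]]))  # redirect rule moved up
```

Under these assumptions, placing the redirect rule above the rule for authenticated users sends authenticated users back to the logon page as well, which `check` reports.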