To use browser-based user authentication, you must define some IPv4 or IPv6 Access rules.
Note: To redirect HTTPS traffic, you must enable TLS decryption for the traffic.
You must define the following IPv4 or IPv6 Access rules:
- An Access rule that allows all clients to access the logon page.
- An Access rule that allows authenticated users to establish HTTP or HTTPS connections.
- An Access rule that redirects unauthenticated HTTP or HTTPS traffic to the logon page.
Steps
- Open the Firewall Policy for editing and add the following Access rules:

Table 1. Example Access rules for unauthenticated HTTP connections

| Source | Destination | Service | Action | Authentication |
| --- | --- | --- | --- | --- |
| ANY | IP addresses of interfaces through which users can authenticate. | HTTP, HTTPS (Port settings must be the same as defined in the User Authentication settings for the NGFW Engine.) | Allow | |
| ANY | IP addresses of network services that require authentication. | HTTP, HTTPS | Allow | Users or User Groups who are allowed to access services, and appropriate Authentication Methods. |
| ANY | IP addresses of network services that require authentication. | HTTP, HTTPS | Refuse. Connection tracking: Default. Response: redirect to the logon page. | |

- Install the policy to transfer the changes to the engine.
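
The order of the three rules in Table 1 matters, which the following model shows. It is an added example, not product code or output. It assumes top-down, first-match evaluation in which a rule with an Authentication requirement matches only authenticated users. The addresses, the user name, and ports 80/443 are constructed sample values.

```python
from ipaddress import ip_address

# Constructed sample values (documentation address ranges), not from the product.
LOGON_IP = "192.0.2.1"         # engine interface that serves the logon page
SERVICE_IP = "198.51.100.10"   # network service that requires authentication
WEB_PORTS = {80, 443}          # HTTP, HTTPS
ALLOWED_USERS = {"alice"}      # hypothetical authenticated user

# The three rules of Table 1, in order: (name, destination, needs_auth, action)
RULES = [
    ("logon-page", LOGON_IP, False, "allow"),
    ("authenticated", SERVICE_IP, True, "allow"),
    ("redirect", SERVICE_IP, False, "redirect-to-logon"),
]

def evaluate(dst, port, user=None, rules=RULES):
    """Return (rule name, action) of the first rule that matches.

    Model assumption: rules are checked top-down and the first match wins.
    """
    for name, rule_dst, needs_auth, action in rules:
        if ip_address(dst) != ip_address(rule_dst) or port not in WEB_PORTS:
            continue
        if needs_auth and user not in ALLOWED_USERS:
            continue  # unauthenticated traffic falls through to the next rule
        return name, action
    return None, "no-match"  # left to whatever rules follow in the policy

def check_policy(rules=RULES):
    """List the ways a rule set fails the three requirements on this page."""
    problems = []
    for port in sorted(WEB_PORTS):
        if evaluate(LOGON_IP, port, None, rules)[1] != "allow":
            problems.append(f"logon page unreachable on port {port}")
        if evaluate(SERVICE_IP, port, "alice", rules)[1] != "allow":
            problems.append(f"authenticated user not allowed on port {port}")
        if evaluate(SERVICE_IP, port, None, rules)[1] != "redirect-to-logon":
            problems.append(f"unauthenticated user not redirected on port {port}")
    return problems

if __name__ == "__main__":
    print("as documented:", check_policy(RULES))
    # Redirect rule placed above the authenticated-allow rule.
    print("redirect first:", check_policy([RULES[0], RULES[2], RULES[1]]))
    # Logon-page rule omitted.
    print("no logon rule:", check_policy(RULES[1:]))
```

In this model, placing the redirect rule above the authenticated-allow rule sends authenticated users back to the logon page, and omitting the first rule leaves the logon page unreachable.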