Enable browser-based user authentication

As an alternative to authenticating using a VPN client, end users can authenticate themselves on an authentication page in a web browser.

The users can authenticate using encrypted HTTPS connections as well as plain HTTP connections. If the authentication will expire before the user has completed their tasks, the user can re-authenticate without disruption to any connections.

Browser-based user authentication is configured in the properties of the NGFW Engine. The IPv4 or IPv6 Access rules for allowing authentication connections are not included in the Firewall Template Policy. You must add rules that allow this traffic to the NGFW Engine’s policy. You must also add Access and Inspection rules to enable redirection of unauthenticated HTTP connections to the logon page.