
Need help getting the authenticated user ID from the Sophos XG Firewall (XG450)

We are using the Sophos XG Firewall to authenticate users against an OpenLDAP directory and let them inside our VPN network.

We'd like to set up a Single-Sign-On solution on our network, where once a user has been authenticated with the Sophos XG Firewall, the authentication and authorization for any of the web apps on our network happens automatically.

We need help with getting an automated way for our authentication service to determine which user has been authenticated through the Sophos XG Firewall.

Any help on this would be greatly appreciated. 

Some of the ideas I had, but not sure if they would work or how to achieve them:

1. Signing all HTTP requests being forwarded through the Sophos XG Firewall with the authenticated user ID.

2. Use the Sophos XG Firewall API to somehow get the authenticated user ID from, let's say, the IP address. I couldn't find anything on how to do this in the API docs though.

3. Scanning the firewall logs to see which users had been authenticated and with which IPs.

Please advise.

  • Hi  

    Authentication in the Sophos XG serves purposes such as authenticating users at the firewall to access the Internet, and you can apply content restrictions to users as per the organization's requirements. You will get reports based on username.

    When you implement STAS authentication, the user will be authenticated with the Sophos XG when the user logs in to the system, and the content restrictions and other parameters applied in the user policy on the user profile will be applicable. Traffic will pass through a specific firewall rule where you can apply other parameters such as scanning, IPS and the gateway to use for the Internet, as well as the other parameters available in the firewall rule and the user policy.

    STAS authentication - https://community.sophos.com/kb/en-us/123156

    Signing all HTTP requests being forwarded through the Sophos XG Firewall with the authenticated user ID.

    Please provide more details of the requirement for this scenario so we can understand it better. You can create a service-based firewall rule in the XG firewall - https://community.sophos.com/kb/en-us/123579

    Scanning the firewall logs to see which users had been authenticated and with which IPs.

    You can check the authentication logs in the Log viewer, and also check live users to get details of the users authenticated with the XG firewall.

    If you have any specific requirements, please seek help from our professional services - https://www.sophos.com/en-us/support/professional-services.aspx

    Hope this helps!

  • Hi Keyur, thank you for your reply.

    I will look further into applying firewall rules to restrict user access to certain resources. Perhaps this could solve our problem, but I'm not yet sure.

    We would need to authenticate a user against LDAP, retrieve their permissions from LDAP and then apply firewall restrictions depending on those permissions. Is this possible to set up with Sophos XG? Where would we set up the logic of retrieving user permissions from LDAP and applying different firewall rules depending on those permissions?

    Regarding the HTTP requests: we would want to add a header with the authenticated user's id to each HTTP request going through the Sophos XG, such as user_id: user1. Is this possible to do?

    Looking at the authentication logs from Log viewer on client side would not be secure enough. We would need to look at the logs of the firewall itself, on server side rather than client side. Is this possible to do? How would we view the authentication logs?
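
The two approaches raised in this thread, deriving the user behind a VPN address from the firewall's authentication logs and passing a user_id header to the web app, as an added Python example that is not part of the thread and not Sophos XG code: the log lines and their key=value format are constructed (the XG's real log format is not reproduced), and the firewall address and the x-forwarded-for header are assumptions. It shows the check a web app on the network would need before trusting such a header.

```python
# Added example, not code from this thread or from Sophos XG: idea 3
# (auth logs -> IP-to-user map) feeding the check that idea 1's header needs.

# Constructed sample lines in a simplified generic format; the real
# Sophos XG log format is NOT reproduced here (assumption).
SAMPLE_LOG = """\
2024-03-01T08:00:00 auth=login user=alice src_ip=10.8.0.5
2024-03-01T08:05:00 auth=login user=bob src_ip=10.8.0.6
2024-03-01T09:00:00 auth=logout user=alice src_ip=10.8.0.5
2024-03-01T09:10:00 auth=login user=carol src_ip=10.8.0.5
"""

FIREWALL_ADDR = "10.8.0.1"  # assumed address the XG forwards requests from

def parse_auth_log(text):
    """Return (timestamp, event, user, ip) tuples in log order.
    Timestamps stay ISO-8601 strings; at equal width they compare as text."""
    events = []
    for line in filter(str.strip, text.splitlines()):
        ts, *fields = line.split()
        kv = dict(f.split("=", 1) for f in fields)
        events.append((ts, kv["auth"], kv["user"], kv["src_ip"]))
    return events

def user_for_ip(events, ip, at):
    """Who held `ip` at time `at`? Replays login/logout events up to `at`,
    so a reused VPN address (alice, then carol above) is not misattributed."""
    holder = None
    for ts, event, user, src_ip in events:
        if ts > at or src_ip != ip:
            continue
        if event == "login":
            holder = user
        elif event == "logout" and holder == user:
            holder = None
    return holder

def authenticated_user(events, peer_ip, headers, now):
    """Trust a user_id header only if the request arrived from the firewall
    (any client could set the header itself) and it matches the log-derived
    user for the original client IP carried in x-forwarded-for (assumed)."""
    if peer_ip != FIREWALL_ADDR:
        return None
    actual = user_for_ip(events, headers.get("x-forwarded-for"), now)
    if actual is None or actual != headers.get("user_id"):
        return None
    return actual
```

The header alone is not evidence of identity: a host on the VPN could send user_id itself, so the app accepts it only from the firewall and only when the log-derived mapping for that client address agrees.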
