Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 6 replies
  • Answers 1 answer
  • Subscribers 27 subscribers
  • Views 979 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

CAA to Prevent Internet Usage for Non Authenticated Users

Patrick Breitenbeck

I am using Sophos XG Firewall Home v18 GA along with CAA for certain users. I have read the "Sophos XG Firewall: Client Authentication Agent" (https://community.sophos.com/kb/en-us/133124) article, but I do not understand how this would prevent Internet access when users are not allowed to log into the CAA based on a schedule defined in the firewall. I have strict auth enabled in the Default_Network_Policy and have created/enabled the CAA_Test firewall rule with Match Known Users enabled in it. But, I fail to see how this would prevent a user from being able to access the Internet when users can't log into CAA due to a deny schedule that is applied in user authentication for a certain user.



This thread was automatically locked due to age.
Parents
  • 0

    If all users/devices on the network were using CAA, then I can see how using a firewall rule that would only allow matched known users access to the WAN from LAN. However, not all users on the network will be using CAA and we won't be using CAA on mobile phones on the network. What is a firewall rule strategy that would allow some users that are not using CAA to have Internet access at all times, but would still allow me to control Internet access times for users/devices that are using CAA?

Reply
  • 0

    If all users/devices on the network were using CAA, then I can see how using a firewall rule that would only allow matched known users access to the WAN from LAN. However, not all users on the network will be using CAA and we won't be using CAA on mobile phones on the network. What is a firewall rule strategy that would allow some users that are not using CAA to have Internet access at all times, but would still allow me to control Internet access times for users/devices that are using CAA?

Children