This discussion has been locked.

Is it possible to apply a firewall rule or policy to "people"?

Reading the documentation that Sophos support tech is pointing me to but it's not helping me understand.

We manage multiple XG Firewalls through the Sophos Central Admin portal. Firewalls are registered with Sophos Central portal accordingly. Each customer has "People" and said people have devices associated with them.

Is it possible to have policies apply specifically to those "people" using the Match Known Users feature within a Firewall Rule? Is there any way to get those "People" in the firewall?

If it is possible, how can I get those "people" visible in the firewall?



  • Hello Ace,

    Thank you for contacting the Sophos Community!

    To be able to see the users in the Firewall, you will need to authenticate them to the XG so the XG knows who the user is.

    The XG has different types of authentication methods, for example:

    Sophos XG Firewall: Client Authentication Agent

    STAS

    Captive Portal

    I think it would depend on what type of authentication is available for users in the company. If you also use Endpoint, you could authenticate users based on Heartbeat.

    But once the user authenticates against the XG you can select Match Known Users in the XG, and select which groups or users this firewall rule will apply to.

    Regards,

  • Okay.

    Some of our customers do use both an XG Firewall and endpoint protection. Within our own organization we use an XG Firewall and our workstations have Sophos Endpoint protection. There is no Active Directory; we're a small company so it's not necessary. I am set up as a "person" in the central portal and I have my laptop associated with me as a device.

    We are using Heartbeat and I recently added the LAN Zone to the missing heartbeats config, but I'm not sure how/when "people" come into play or how to get them to show up as known users.

    I do see that it's finding the endpoints though...

    Can you shed any further light on this?

  • Hello Ace,

    Thank you for the follow-up!

    Unfortunately, the Heartbeat authentication only works with AD, since it will share domain user account information from the client machine the user is logged into with the firewall via Heartbeat. The Firewall will then check the user account against the configured AD server and activate the user.

    In your case you would need to use either CAA or the Captive Portal; you would need to create local users in the XG by following this KB.

    Once each user has a username and password, you can follow the KB for CAA or Captive Portal.

    This other KB will explain more about options for creating user-based firewall rules.

    Regards,
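The two answers above describe the mechanism in prose: a firewall rule with Match Known Users only applies to traffic from a device whose user has already authenticated to the XG, and Heartbeat can only activate users that resolve against AD, so local users need CAA or the captive portal. The following is an added toy model of that behaviour, written for this thread and not Sophos code. The directories, IP addresses, usernames, group names and rule set are all constructed; the authentication method names are used only as labels, and the assumption that STAS and Heartbeat learn domain users only is stated in the comments.

```python
"""
Added illustration (not Sophos code): a toy model of identity-aware firewall
rules once users have authenticated to the firewall.

Constructed assumptions, not taken from the thread:
- A client device is identified by its source IP.
- An authentication event (CAA, captive portal, STAS or Heartbeat) binds that
  IP to a username.
- Heartbeat and STAS identities are only activated when the username resolves
  against the AD directory; local users must authenticate via CAA or the
  captive portal.
"""
from dataclasses import dataclass, field

# Constructed directories: AD users (heartbeat-resolvable) and local firewall users.
AD_USERS = {"jdoe": "Sales", "asmith": "Engineering"}
LOCAL_USERS = {"ace": "Staff"}


@dataclass
class AuthEvent:
    src_ip: str
    username: str
    method: str  # "caa", "captive_portal", "stas" or "heartbeat"


@dataclass
class Rule:
    name: str
    action: str                                # "allow" or "deny"
    match_known_users: bool = False
    users: set = field(default_factory=set)    # empty = any known user
    groups: set = field(default_factory=set)   # empty = any group


def activate_users(events):
    """Build the live IP -> (username, group) table the firewall would hold."""
    table = {}
    for ev in events:
        if ev.method in ("heartbeat", "stas"):
            # Domain-sourced identities: only users known to AD are activated
            if ev.username in AD_USERS:
                table[ev.src_ip] = (ev.username, AD_USERS[ev.username])
        elif ev.method in ("caa", "captive_portal"):
            # Explicit credential logon: local or AD users can be activated
            if ev.username in LOCAL_USERS:
                table[ev.src_ip] = (ev.username, LOCAL_USERS[ev.username])
            elif ev.username in AD_USERS:
                table[ev.src_ip] = (ev.username, AD_USERS[ev.username])
    return table


def rule_matches(rule, src_ip, table):
    """A Match Known Users rule needs an activated identity for the source IP."""
    if not rule.match_known_users:
        return True
    identity = table.get(src_ip)
    if identity is None:
        return False
    user, group = identity
    if rule.users and user not in rule.users:
        return False
    if rule.groups and group not in rule.groups:
        return False
    return True


def evaluate(src_ip, rules, table, default="deny"):
    """First matching rule wins, as in an ordered firewall rule set."""
    for rule in rules:
        if rule_matches(rule, src_ip, table):
            return rule.name, rule.action
    return "default", default


RULES = [
    Rule("engineering-admin", "allow", match_known_users=True, groups={"Engineering"}),
    Rule("known-users-web", "allow", match_known_users=True),
    Rule("deny-all", "deny"),
]

EVENTS = [
    AuthEvent("10.0.0.10", "asmith", "heartbeat"),  # AD user via Heartbeat: activated
    AuthEvent("10.0.0.11", "ace", "heartbeat"),     # local user via Heartbeat: stays unknown
    AuthEvent("10.0.0.12", "ace", "caa"),           # local user via CAA: activated
]

if __name__ == "__main__":
    table = activate_users(EVENTS)
    for ip in ("10.0.0.10", "10.0.0.11", "10.0.0.12", "10.0.0.99"):
        print(ip, table.get(ip), evaluate(ip, RULES, table))
```

The point of the model is the second event: the same local user is invisible to Match Known Users when only a Heartbeat is present, and becomes a known user only after a CAA logon, which is why the unauthenticated device falls through to the final deny rule.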

  • Okay, thank you for helping me understand. I appreciate it!