
Is it possible to apply a firewall rule or policy to "people"?

I'm reading the documentation that the Sophos support tech is pointing me to, but it's not helping me understand.

We manage multiple XG Firewalls through the Sophos Central Admin portal. Firewalls are registered with Sophos Central portal accordingly. Each customer has "People" and said people have devices associated with them.

Is it possible to have policies apply specifically to those "people" using the Match Known Users feature within a Firewall Rule? Is there any way to get those "People" in the firewall?

If it is possible, how can I get those "people" visible in the firewall?



This thread was automatically locked due to age.
  • Okay.

    Some of our customers do use both an XG Firewall and endpoint protection. Within our own organization we use an XG Firewall and our workstations have Sophos Endpoint protection. There is no Active Directory; we're a small company so it's not necessary. I am set up as a "person" in the central portal and I have my laptop associated with me as a device.

    We are using Heartbeat and I recently added the LAN Zone to the missing heartbeats config, but I'm not sure how/when "people" come into play or how to get them to show up as known users.

    I do see that it's finding the endpoints though...

    Can you shed any further light on this?

  • Hello Ace,

    Thank you for the follow-up!

    Unfortunately, the heartbeat authentication only works with AD, since it will share domain user account information from the client machine the user is logged into with the firewall via Heartbeat. The Firewall will then check the user account against the configured AD server and activate the user.

    In your case you would need to use either CAA or the Captive Portal; you would need to create local users in the XG by following this KB.

    Once each user has a username and password, you can follow the KB for CAA or Captive Portal.

    This other KB will explain more about options for creating user-based firewall rules.

    Regards,


     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
  • Okay, thank you for helping me understand. I appreciate it!