Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 7 replies
  • Answers 1 answer
  • Subscribers 27 subscribers
  • Views 790 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Auto assign user

Dejan Bukovec

Im looking how to setup in XG simple auto assign user to ip/mac address...

For example:

LAN 192.168.1.10 user1

LAN 192.168.1.15 user2

VPN 192.168.13.17 user1

WLAN 192.168.3.22 user2

WLAN 192.168.3.25 user1

I know that there is Clientless user configuration but this is not option because you can't assign username which already exist inside users... Also having different usernames for same user is realy not very practical...

What options we have to do that? Clients are win, linux, android and need to be done without installing software.



Edited Tags
[edited by: Erick Jan at 12:01 AM (GMT -7) on 16 Sep 2022]
  • 0

    use clientless and assign the device name to the entry. You will also need to use fixed addressing.

    Ian

  • 0 in reply to rfcat_vk

    Thanks for reply but clientless option do not work as I need. It do not allow recreate same user or multiple IP addresses assign to one user...

    I need to have all devices from one user under one username. It is nightmare to know what usernames are used for some user1 if you need to look in log file or in "Current activities" what bandwidth it use...

    User have their AD username and he know it. Auto login on windows pc can be done simple, but logging on telephone will be nightmare... All known users have "fixed" IP addresses by DHCP so XG know MAC&IP and only this thing need to be assigned to some user in database... Simple job but probably not with XG... Or Im miss something?

  • 0

    Hello Dejan,

    Thank you for contacting the Sophos Community!

    Currently, the way you are looking to achieve what you are looking for  isn’t possible, however, you could use the Captive Portal to have users authenticate to it, they would need to enter the same username on their devices, next, you could create static IP MAC address for their devices, next under Configure >> Authentication >> Users >> username >> login restriction, and add the IPs for their devices. 

    Regards,

  • 0 in reply to emmosophos

    Hi,

    Thanks for reply. I understand that and use Captive Portal long time but it is annoying for some users to need login on their devices... If clientless login can be modified to allow multiple entries of IP addresses(Like IP list) to one username it will be great and solve problems... Or if we can add multiple entries for same user...

  • 0

    I see that clientless user option do not work and do not show any traffic that user made.

    I have one test VM which I use and Im made some traffic... I can see that trafic in firewall logs and also user is assigned. but when I check live user information it show that is connected but like nothing has been transfered:

    I know that this work when users are authenticated by AD as we use at my job...

  • 0 in reply to rfcat_vk

    This is another view. You are showing live connections grouped by username. And also that do not show correct values...

    For example I right now have homenas host which is setup in clientless settings and make around 1,2MB/s upload using torrents but traffic is not counted by homenas user:

    And this is from Live users which also do not show any traffic:

    But firewall in Log's normally see trafic from that user: