Hi All,
I am performing a UTM-to-XG migration, in an AD environment. We have Windows PCs, Macs, tablets and phones. We want to identify usernames in reports and logs as far as possible, but accept this may not be 100% possible.
Some users are in the office, but these days most connect via L2TP VPN.
We really don't want authentication pop-ups (captive portal), nor do we want to have to visit ~200 PCs to install an agent (remember, most people are working from home over VPN).
Does anyone have any recommendations?
- AD Integration - this is fine for domain-joined PCs in the office, but what about L2TP VPN users? Can it identify them? And what about Mac/Phone/Tablet users?
- STAS - again, may work well for office users, but what about VPN users? And phone/tablet users?
- Client agent - will be a big pain to install on ~200 PCs, and again, what about Mac/Phone/Tablet users?
- Clientless users - perhaps? Don't know.
Authentication works in the UTM because of a feature where you can specify that Windows users authenticate, anyone else does not. Which makes AD SSO work. But I do not see anything like this in XG.
I know this might be a big ask, but I guess lots of you must have these mixed environments - what do you do? Maybe you just abandon authentication altogether?
Looking forward to hearing from you.
Many thanks
Adrian