
Recommendations for authenticating

Hi All,

I am performing a UTM-to-XG migration, in an AD environment.  We have Windows PCs, Macs, tablets and phones.  We want to identify usernames in reports and logs as far as possible, but accept this may not be 100% possible.

Some users are in the office, but these days most connect via L2TP VPN.

We really don't want authentication pop-ups (captive portal), nor do we want to have to visit ~200 PCs to install an agent (remember, most people are working from home over VPN).

Does anyone have any recommendations?

  • AD Integration - this is fine for domain-joined PCs in the office, but what about L2TP VPN users? Can it identify them? And what about Mac/Phone/Tablet users?
  • STAS - again, may work well for office users, but what about VPN users? And phone/tablet users?
  • Client agent - will be a big pain to install on ~200 PCs, and again, what about Mac/Phone/Tablet users?
  • Clientless users - perhaps? Don't know.

Authentication works in the UTM because of a feature where you can specify that Windows users authenticate, anyone else does not.  Which makes AD SSO work.  But I do not see anything like this in XG.

I know this might be a big ask, but I guess lots of you must have these mixed environments - what do you do?  Maybe you just abandon authentication altogether?

Looking forward to hearing from you.

Many thanks

Adrian



This thread was automatically locked due to age.