Captive portal for non "web" services

We have a site to site VPN between two XG units.

One site needs to be made very secure and not allow any access to users from the remote site, but there are a small handful of people like finance and IT staff who need access to SMB shares and other non-web-based services.

To get around this, I've tried to use the captive portal and user authentication against some firewall rules.

These work fine if I am at the remote site trying to access a web page in the secure site.

However, if I simply try to access a remote file server, or RDC over to the secure site, the firewall blocks me.

I can get around it by hitting a page on a server over there, authenticating to their XG's captive portal, and then the firewall rule allows my traffic.

So is there any way for my Mac and PC users to be able to get the captive portal logon to pop up when they try to access services outside of a web browser?

Or do we have to "cheat" and ask people to hit a static web page in that site first to auth, and then they can use the file servers / other services?



This thread was automatically locked due to age.
  • There are several authentication methods aside from Captive Portal.  AD SSO (NTLM or Kerberos) is similar in that you need to hit a real webpage first, but they are more silent.  If you have Sophos Endpoints you should start using Synchronized Security, which will log in those endpoints.  STAS is generally good but might be overkill.

    If 99% of the time you don't have/want a user, but there are a few computers/users you do, then maybe use the Authentication client.  Go to Authentication > Client Downloads.  For Windows it sits in the system tray and does an out-of-band authentication for you.

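The behaviour the question describes (web traffic gets the portal, SMB and RDP are just dropped until the same host has logged in) and the out-of-band client the answer suggests come down to one mechanism: a user-based rule can only match once the firewall has bound the source IP to a user. The following toy model is an added example written for this thread, not Sophos XG code; the usernames, passwords and addresses in it are constructed.

```python
"""Toy model of an identity-aware firewall fronted by a captive portal.

Added illustration (not Sophos code): the firewall knows no user for a
source IP until that IP authenticates. Only HTTP/HTTPS can be hijacked
into a portal login page, so SMB or RDP from an unauthenticated host is
simply dropped. Once any login path (the portal, or an out-of-band
client) binds the IP to a user, every later packet from that IP matches
the user-based rule, whatever the protocol.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

HTTP_PORTS = {80, 443}          # the only traffic a captive portal can redirect
SMB, RDP, HTTPS = 445, 3389, 443


@dataclass
class IdentityFirewall:
    allowed_users: Set[str]                  # users the "secure site" rule permits
    credentials: Dict[str, str]              # constructed directory: user -> password
    sessions: Dict[str, str] = field(default_factory=dict)   # src IP -> user
    log: List[Tuple[str, int, Optional[str], str]] = field(default_factory=list)

    def _bind(self, src_ip: str, user: str, password: str, via: str) -> bool:
        # Every login path ends the same way: an IP-to-user binding.
        if self.credentials.get(user) != password:
            self.log.append((src_ip, 0, user, f"{via}_LOGIN_FAILED"))
            return False
        self.sessions[src_ip] = user
        self.log.append((src_ip, 0, user, f"{via}_LOGIN_OK"))
        return True

    def portal_login(self, src_ip: str, user: str, password: str) -> bool:
        """Browser-based login; only reachable after an HTTP redirect."""
        return self._bind(src_ip, user, password, "PORTAL")

    def client_login(self, src_ip: str, user: str, password: str) -> bool:
        """Out-of-band login, like a tray-based authentication client."""
        return self._bind(src_ip, user, password, "CLIENT")

    def logout(self, src_ip: str) -> None:
        self.sessions.pop(src_ip, None)

    def decide(self, src_ip: str, dst_port: int) -> str:
        user = self.sessions.get(src_ip)
        if user is None:
            # No identity: web traffic can be sent to the portal; anything
            # else has no channel for a prompt and is dropped.
            decision = "REDIRECT_TO_PORTAL" if dst_port in HTTP_PORTS else "DROP"
        elif user in self.allowed_users:
            decision = "ALLOW"
        else:
            decision = "DROP"
        self.log.append((src_ip, dst_port, user, decision))
        return decision


def _fw() -> IdentityFirewall:
    # Constructed rule and directory: only finance1 is covered by the rule.
    return IdentityFirewall(allowed_users={"finance1"},
                            credentials={"finance1": "pw", "intern": "pw"})


def replay_thread_scenario() -> List[str]:
    """Replay the sequence from the question for one finance workstation."""
    fw = _fw()
    ip = "10.20.0.15"                            # constructed remote-site address
    steps = [
        fw.decide(ip, SMB),                      # file share: dropped, no identity yet
        fw.decide(ip, HTTPS),                    # browser hit: redirected to portal
        "LOGIN_OK" if fw.portal_login(ip, "finance1", "pw") else "LOGIN_FAILED",
        fw.decide(ip, SMB),                      # same share now allowed
        fw.decide(ip, RDP),                      # and RDP too
    ]
    fw.logout(ip)
    steps.append(fw.decide(ip, RDP))             # binding gone: dropped again
    return steps


def out_of_band_scenario() -> List[str]:
    """The answer's alternative: a client binds the IP without any HTTP."""
    fw = _fw()
    fw.client_login("10.20.0.16", "finance1", "pw")
    allowed = fw.decide("10.20.0.16", SMB)
    # A user outside the rule authenticates fine but is still not permitted.
    fw.client_login("10.20.0.17", "intern", "pw")
    denied = fw.decide("10.20.0.17", SMB)
    return [allowed, denied]


if __name__ == "__main__":
    print(replay_thread_scenario())
    print(out_of_band_scenario())
```

The model also makes the operational caveat visible: the binding is per source IP, so on a shared host or behind NAT every other user of that address inherits the authenticated identity until the session ends, which is why a short session timeout and an audit log of the bindings (the `log` list here) are worth keeping on the real firewall.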
