Hello
We're trying to use a Webserver behind web server protection (Sophos XG) where clients have to authenticate themself with a certificate.
We're able to reach the Website and we can authenticate with username and Password.
But, however, our clients are not able to authenticate themself with their certificate.
Even if we set the protection policy to monitor, disabling everithing and defining an exception to /path/* which skip all checks, clients can't authenticate with certificate.
If we're using a Firewall- and NAT-Rule combination, clients are able to authenticate correctly with their certificate.
This let us believe, that the web server protection exchanges our certificate from the client when the're trying to authenticate and we're not able to disable this behavior.
Is this correct?
Or are there some options to get certificate based authentication running behind web server protection?
Greetings
This thread was automatically locked due to age.
