To enable your users to authenticate, you create user accounts and groups. When a user connects to the authentication portal with a web browser on a computer or smart phone and authenticates to the Firebox, the user credentials and computer IP address are used to determine whether the configuration includes a policy that applies to the traffic that the computer sends and receives.
To create a Firebox user account:
- Define a New User for Firebox Authentication.
- Define a New Group for Firebox Authentication and put the new user in that group.
- Create a policy that allows traffic only to or from a list of Firebox user names or groups.
  This policy is applied only if a packet comes from or goes to the IP address of the authenticated user.
After you have added a user to a group and created policies to manage the traffic for the user, the user can open a web browser on a computer or smart phone to authenticate to the Firebox.
In Fireware 12.5.5 or higher, connections to pages served by the Firebox Web Server must use TLS 1.2 or higher.
If you have configured the Firebox with an IPv4 or an IPv6 address, you can use either the IPv4 or the IPv6 address to authenticate to the device over port 4100.
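One way to confirm the TLS 1.2 minimum on the authentication portal from a client, as an added example that is not WatchGuard code: it offers one TLS version at a time to port 4100 and records whether the handshake completes. The function names and the host you pass to `audit` are assumptions; certificate verification is off because only the protocol version is being tested.

```python
import socket
import ssl

PORTAL_PORT = 4100  # authentication portal port named on this page

def pinned_context(version):
    """Client context that offers exactly one TLS version (added helper)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Only the protocol version is tested, so certificate and hostname
    # verification are off; do not reuse this context to send credentials.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        # Many OpenSSL builds block TLS 1.0/1.1 client-side at the default
        # security level; lower it so the server's own answer is observed.
        ctx.set_ciphers("DEFAULT:@SECLEVEL=0")
    except ssl.SSLError:
        pass  # library without @SECLEVEL support: keep its defaults
    ctx.minimum_version = version
    ctx.maximum_version = version
    return ctx

def probe(host, version, port=PORTAL_PORT, timeout=5.0):
    """True: handshake completed. False: it failed. None: not testable."""
    try:
        ctx = pinned_context(version)  # ValueError if the local build lacks it
        raw = socket.create_connection((host, port), timeout=timeout)
    except (OSError, ValueError):
        return None
    with raw:
        try:
            with ctx.wrap_socket(raw) as tls:
                return tls.version() is not None
        except (ssl.SSLError, OSError):
            return False

def audit(host, port=PORTAL_PORT, timeout=5.0):
    """Probe result per TLS version name for the portal at host:port."""
    versions = (ssl.TLSVersion.TLSv1, ssl.TLSVersion.TLSv1_1,
                ssl.TLSVersion.TLSv1_2, ssl.TLSVersion.TLSv1_3)
    return {v.name: probe(host, v, port, timeout) for v in versions}

def meets_tls12_minimum(results):
    """Pass only when 1.0 and 1.1 both fail and 1.2 or 1.3 connects."""
    legacy_refused = results["TLSv1"] is False and results["TLSv1_1"] is False
    modern_ok = results["TLSv1_2"] is True or results["TLSv1_3"] is True
    return legacy_refused and modern_ok
```

Call `meets_tls12_minimum(audit("<IP address of the device>"))` from a host that can reach the portal. A `None` entry means that version could not be tested, and a `False` entry also covers handshakes that timed out.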
To authenticate with an HTTPS connection to the Firebox over port 4100:
- In a web browser, go to https://<IP address of the device>:4100.
  The login page appears.
- Type the Username and Password.
- From the Domain drop-down list, select the domain to use for authentication.
  This option only appears if you can choose from more than one domain.
- Click Login.
  If the credentials are valid, the user is authenticated.
Firewall authentication takes precedence over Single Sign-On (SSO) and replaces the user credentials and IP address from your SSO session with the user credentials and IP address you select for Firewall authentication. For more information about how to configure SSO, see How Active Directory SSO Works.