Enable the Authentication Portal on the Firebox
Applies To: Cloud-managed Fireboxes
To enable user authentication, you configure users in the Firebox database or in an authentication domain. If you want users to connect to the cloud-managed Firebox to authenticate, you can enable the Authentication Portal. The Authentication Portal is a web page on the Firebox.
For the Firebox to allow connections to the Authentication Portal, you must add a WG-Auth firewall policy to the Firebox configuration. A WG-Auth policy allows TCP traffic on port 4100.
To add the WG-Auth policy, in WatchGuard Cloud:
- Select Configure > Devices.
- Select the cloud-managed Firebox.
- Click Device Configuration.
- Click the Firewall Policies tile.
The Firewall Policies page opens.
- Click Add Firewall Policy.
The Add Firewall Policy page opens.
- For the policy type, select First Run.
- Click Next.
- In the Name text box, type a name for this policy. For example, Authentication Portal.
- Click Add Traffic Types.
- Select the WG-Auth traffic type.
- Click Add.
- To allow users to connect to the Authentication Portal from internal networks:
  - Select Add Source.
    The Add Source Address dialog box opens.
  - From the Type drop-down list, select Built-in Aliases.
  - From the Built-in Aliases list, select Any-Internal.
  - Click Add.
- To specify the Firebox as the destination for authentication portal traffic:
  - Click Add Destination.
    The Add Destination Address dialog box opens.
  - From the Type drop-down list, select Built-in Aliases.
  - From the Built-in Aliases list, select Firebox.
  - Click Add.
    The Firebox is added as the policy destination.
- To save configuration changes to the cloud, click Save.
To enable the Firebox Authentication Portal, in WatchGuard Cloud:
- Select Configure > Devices.
- Select the cloud-managed Firebox.
- Click Device Configuration.
- In the Authentication section, click the Settings tile.
The Settings page opens.
- Enable the Authentication Portal.
- To select the authentication domain in the Authentication Portal, from the Default authentication domain drop-down list, select an authentication domain.
- To save configuration changes to the cloud, click Save.
After you enable the Authentication Portal, the WatchGuard Authentication Portal system policy is added to the Firebox. This first-run system policy allows WG-Auth traffic from internal networks to the Firebox on port 4100.
After you deploy the configuration to the Firebox, users on internal networks can use a web browser to connect to the Authentication Portal.
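To confirm that the deployed policy behaves as described, the following added example (not WatchGuard code) tests whether TCP port 4100 on the Firebox answers from the host where it runs. The Firebox address and the `vantage` label are supplied by you, and the expectation that the port is not open from outside assumes that no other policy allows WG-Auth traffic from external networks.

```python
import socket
import sys

PORTAL_PORT = 4100  # WG-Auth traffic type: TCP port 4100 (from the page)


def probe(host, port=PORTAL_PORT, timeout=3.0):
    """TCP connect test: 'open', 'closed' (refused) or 'filtered' (no answer)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:  # timeout, unreachable network/host, name resolution failure
        return "filtered"


def check_exposure(host, vantage, port=PORTAL_PORT, timeout=3.0):
    """Compare the observed state with what the policy should allow.

    vantage is where this script runs: 'internal' (a network covered by
    Any-Internal) or 'external'. Assumption: only the Any-Internal policy
    allows WG-Auth, so the port should be open from inside only.
    """
    if vantage not in ("internal", "external"):
        raise ValueError("vantage must be 'internal' or 'external'")
    state = probe(host, port, timeout)
    ok = (state == "open") == (vantage == "internal")
    return {"host": host, "port": port, "vantage": vantage,
            "state": state, "ok": ok}


if __name__ == "__main__":
    # Usage: python check_portal.py <firebox-ip> <internal|external>
    if len(sys.argv) != 3:
        sys.exit("usage: check_portal.py <firebox-ip> <internal|external>")
    result = check_exposure(sys.argv[1], sys.argv[2])
    print(result)
    sys.exit(0 if result["ok"] else 1)
```

Run it once from a host on an internal network and once from a host outside; a non-zero exit status means the observed reachability does not match the policy scope.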
On the Authentication Portal, the default Domain is the Default authentication domain that you configure in the Firebox Authentication settings.
For more information, see Connect to the Firebox Authentication Portal.