Use Authentication to Restrict Incoming Traffic

One function of the authentication tool is to restrict outgoing traffic. You can also use it to restrict incoming network traffic. When you have an account on the XTM device and the device has a public external IP address, you can authenticate to the device from a computer external to the device.

For example, you can type this address in your web browser: https://<IP address of XTM device external interface>:4100/.

After you authenticate, you can use the policies that are configured for you on the device.

To enable a remote user to authenticate from the external network:

  1. Select Firewall > Firewall Policies.
    The Firewall Polices Page appears.
  2. Double-click the WatchGuard Authentication policy to edit it.
    This policy appears after you add a user or group to a policy configuration.
    The Edit page appears.
  3. From the Connections are drop-down list, make sure Allowed is selected.
  4. In the From section, click Add.
    The Add Member dialog box appears.
  5. Member type drop-down list, select Alias.
  6. From the list of members, select Any.
  7. Click OK.
    Any appears in the From list.
  8. In the To section, click Add.
  9. Member type drop-down list, select Alias.
  10. From the list of members, select Firebox.
  11. Click OK.
    Firebox appears in the To list.

Screen shot of the WatchGuard Authentication policy settings page

  1. Click Save.

Use Authentication Through a Gateway Firebox

The gateway Firebox is the XTM device that you place in your network to protect your Management Server from the Internet.

To send an authentication request through a gateway Firebox to a different device, you must have a policy that allows the authentication traffic on the gateway device. If authentication traffic is denied on the gateway device, add the WG-Auth policy. This policy controls traffic on TCP port 4100. You must configure the policy to allow traffic to the IP address of the destination device.

See Also

About User Authentication

Give Us Feedback  •   Get Support  •   All Product Documentation  •   Knowledge Base