One function of the authentication tool is to restrict outgoing traffic. You can also use it to restrict incoming network traffic. When you have an account on the XTM device and the device has a public external IP address, you can authenticate to the device from a computer external to the device.
For example, you can type this address in your web browser: https://<IP address of XTM device external interface>:4100/.
After you authenticate, you can use the policies that are configured for you on the device.
To enable a remote user to authenticate from the external network:
The gateway Firebox is the XTM device that you place in your network to protect your Management Server from the Internet.
To send an authentication request through a gateway Firebox to a different device, you must have a policy that allows the authentication traffic on the gateway device. If authentication traffic is denied on the gateway device, add the WG-Auth policy. This policy controls traffic on TCP port 4100. You must configure the policy to allow traffic to the IP address of the destination device.
About User Authentication