The WatchGuard Authentication (WG-Auth) policy is automatically added to your XTM device configuration when you add the first policy that has a user or group name in the From list on the Policy tab of the policy definition. The WG-Auth policy controls access to port 4100 on your XTM device. Your users send authentication requests to the device through this port. For example, to authenticate to an XTM device with an IP address of 10.10.10.10, your users type https://10.10.10.10:4100 in the web browser address bar.
If you want to send an authentication request through a gateway device to a different device, you might have to add the WG-Auth policy manually. If authentication traffic is denied on the gateway device, you must use Policy Manager to add the WG-Auth policy. Modify this policy to allow traffic to the IP address of the destination device.
For more information on when to modify the WatchGuard Authentication policy, see Use Authentication to Restrict Incoming Traffic.
About User Authentication
Add Policies to Your Configuration