SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.


Authentication: Use Wireless Credentials for other UTM modules

Passing the authentication credentials from 802.1X WPAx enterprise authentication to other UTM modules would enable seamless SSO for wirelessly connected devices and would be particularly useful for authentication of mobile devices.

30 votes

    Troy Cunningham shared this idea

    5 comments

      • Aaron Bugal commented

        The current BETA of the Sophos Firewall OS allows you to infer user objects from both DC login and RADIUS accounting. Here I've got my Cisco WLC sending accounting information to SFOS, and users are being identified based on their credentials used to join WiFi. Works very well!

      • Brendan commented

        Has this been set for inclusion in Copernicus?? I am desperate to have this working for our BYOD deployment next year.

      • Anonymous commented

        UTM must accept RADIUS Accounting messages, and just map the IP to the user.
        Both are present in typical RADIUS accounting.
        This is how Fortigate works, by the way.

      • Aaron Bugal commented

        Ideally this would leverage associated records on an existing AAA service on the network which is used by 802.1X. E.g.: an iOS device authenticates to the network using 802.1X, the Web Protection module could then cascade down 'authentication servers' (AD SSO >> RADIUS) to establish trust of the device and map it back to a specific Web Protection profile.
        This would greatly help the educational space and corporates who are introducing BYOD and are providing network access via wireless but still wish to capture WHO is using the infrastructure.
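
The IP-to-user mapping from RADIUS accounting that the comments above describe, as an added Python example that is not part of the original thread and not Sophos or Fortinet code. It verifies the RFC 2866 Request Authenticator before trusting a packet, so a spoofed accounting message cannot rewrite the user map; all function names, the shared secret and the packets built by `build_request` are assumptions constructed for illustration.

```python
import hashlib
import hmac
import ipaddress
import struct

ACCOUNTING_REQUEST = 4  # RADIUS code (RFC 2866)
USER_NAME, FRAMED_IP, ACCT_STATUS = 1, 8, 40  # attribute types
START, STOP, INTERIM = 1, 2, 3  # Acct-Status-Type values

def build_request(ident, attrs, secret):  # constructed sample packet, stands in for the WLC
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    head = struct.pack("!BBH", ACCOUNTING_REQUEST, ident, 20 + len(body))
    auth = hashlib.md5(head + bytes(16) + body + secret).digest()
    return head + auth + body

def parse_accounting(pkt, secret):
    """Return {type: value} only if the Request Authenticator verifies."""
    if len(pkt) < 20:
        return None
    code, _ident, length = struct.unpack("!BBH", pkt[:4])
    if code != ACCOUNTING_REQUEST or not 20 <= length <= len(pkt):
        return None
    pkt = pkt[:length]
    # RFC 2866: MD5(code+id+length + 16 zero octets + attributes + secret)
    expected = hashlib.md5(pkt[:4] + bytes(16) + pkt[20:] + secret).digest()
    if not hmac.compare_digest(expected, pkt[4:20]):
        return None  # forged or wrong-secret packet must not touch the user map
    attrs, pos = {}, 20
    while pos < length:
        if length - pos < 2 or pkt[pos + 1] < 2 or pos + pkt[pos + 1] > length:
            return None  # malformed attribute
        attrs[pkt[pos]] = pkt[pos + 2:pos + pkt[pos + 1]]
        pos += pkt[pos + 1]
    return attrs

def update_sessions(sessions, pkt, secret):
    """Apply one accounting packet to the ip -> user map; True if accepted."""
    attrs = parse_accounting(pkt, secret)
    if not attrs or not {USER_NAME, FRAMED_IP, ACCT_STATUS} <= attrs.keys():
        return False
    if len(attrs[FRAMED_IP]) != 4 or len(attrs[ACCT_STATUS]) != 4:
        return False
    ip = str(ipaddress.IPv4Address(attrs[FRAMED_IP]))
    user = attrs[USER_NAME].decode("utf-8", "replace")
    status = int.from_bytes(attrs[ACCT_STATUS], "big")
    if status in (START, INTERIM):
        sessions[ip] = user
    elif status == STOP and sessions.get(ip) == user:
        del sessions[ip]
    return True
```

A Stop record only removes the mapping when it names the same user currently bound to that address, so a late Stop for a previous lease does not unmap the new owner.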
