Watchguard and HTTP authentication

I've recently taken delivery of a Watchguard Firebox and it looks like it doesn't support basic http authentication. I'm sure it must be me missing something. Anyone know how to do it?

Reply to
Dave R
Loading thread data ...

What model?

When I setup shared user accounts for authentication rules, meaning I allow several users to logon using the same ID/PWD, then setup rules accordingly. You should be able to browse to http://firewall_IP:4100 and as long as you have a JVM installed you should get the web login page. You have to keep the session open in order to use the authentication.

Post back with more details if that wasn't enough for you.

Reply to
Leythos

It's the X series.

Thanks.

That's what I've seen so far, and frankly it's rubbish. It doesn't account for multi-user systems, it requires each person to have a JVM configured in their browser, and it doesn't stop multiple programs from accessing HTTP if they're on the same machine.

I was expecting it to do basic http authentication. That is, make a HTTP request through the firewall, it responds with a 407 Authentication Required, so browser prompts for username and password, which is then basically encoded in the HTTP headers for subsequent requests. I realise this may not be as secure as the Applet with its challenge/response, but it's a fairly fundamental feature.

Reply to
Dave R

The authentication feature works with RADIUS I believe, then users don't need to make a separate request via http, but I've not found a reason to set it up that way.

The Auth mode allows, if you have a HTTP rule for it, allows any HTTP from the authenticated machine, to follow the rule, it's always been that way.

While it may be fundamental, not many of the firewalls I've used do that, and you could have checked with a vendor or WatchGuard before the purchase.

What OS are you running for network authentication - and there are more than one X series, how about which specific model?

Reply to
Leythos

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.