
Authentication: Use Wireless Credentials for other UTM modules

Passing the authentication credentials from 802.1X WPAx enterprise authentication to other UTM modules would enable seamless SSO for wirelessly connected devices and would be particularly useful for authentication of mobile devices.

72 votes
    Troy Cunningham shared this idea

    5 comments

      • Aaron Bugal commented

        The current BETA of the Sophos Firewall OS allows you to infer user objects from both DC login and RADIUS accounting. Here I've got my Cisco WLC sending accounting information to SFOS, and users are being identified based on their credentials used to join WiFi. Works very well!

      • Brendan commented

        Has this been set for inclusion in Copernicus?? I am desperate to have this working for our BYOD deployment next year.

      • Anonymous commented

        UTM must accept RADIUS Accounting messages, and just map the IP to the user.
        Both are present on typical RADIUS accounting.
        This is how Fortigate works, by the way.

      • Aaron Bugal commented

        Ideally this would leverage associated records on an existing AAA service on the network which is used by 802.1x. E.g.: iOS device authenticates to the network using 802.1x, the Web Protection module could then cascade down 'authentication servers' (AD SSO >> RADIUS) to establish trust of the device and map it back to a specific Web Protection profile.
        This would greatly help the educational space and corporates who are introducing BYOD and are providing network access via wireless but still wish to capture WHO is using the infrastructure.
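
The RADIUS accounting approach raised in the comments above, sketched as an added example that is not part of the original thread and not any vendor's code: it parses an Accounting-Request, verifies the Request Authenticator against the shared secret so a spoofed packet cannot plant a false IP-to-user mapping, and maintains the mapping on Start, Interim-Update and Stop. Codes and attribute numbers follow RFC 2865/2866; the function names, the sample user and the shared secret are hypothetical.

```python
import hashlib, hmac, socket, struct

ACCT_REQUEST = 4                                   # RADIUS code (RFC 2866)
USER_NAME, FRAMED_IP, ACCT_STATUS_TYPE = 1, 8, 40  # attribute types
START, STOP, INTERIM = 1, 2, 3                     # Acct-Status-Type values

def build_acct_request(ident, attrs, secret):
    """Build a constructed Accounting-Request, used here only as sample input."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    head = struct.pack("!BBH", ACCT_REQUEST, ident, 20 + len(body))
    return head + hashlib.md5(head + bytes(16) + body + secret).digest() + body

def parse_acct_request(pkt, secret):
    """Return {attr_type: value}; raise ValueError if malformed or unauthenticated."""
    if len(pkt) < 20:
        raise ValueError("short packet")
    code, _ident, length = struct.unpack("!BBH", pkt[:4])
    if code != ACCT_REQUEST or not 20 <= length <= len(pkt):
        raise ValueError("not a valid Accounting-Request")
    pkt = pkt[:length]
    # Request Authenticator = MD5(header + 16 zero octets + attributes + secret)
    expected = hashlib.md5(pkt[:4] + bytes(16) + pkt[20:] + secret).digest()
    if not hmac.compare_digest(expected, pkt[4:20]):
        raise ValueError("bad Request Authenticator")
    attrs, i = {}, 20
    while i < length:
        if i + 2 > length or pkt[i + 1] < 2 or i + pkt[i + 1] > length:
            raise ValueError("bad attribute length")
        attrs[pkt[i]] = pkt[i + 2:i + pkt[i + 1]]
        i += pkt[i + 1]
    return attrs

def apply_accounting(sessions, pkt, secret):
    """Update the IP -> user table from one authenticated accounting packet."""
    attrs = parse_acct_request(pkt, secret)
    ip, status = attrs.get(FRAMED_IP, b""), attrs.get(ACCT_STATUS_TYPE, b"")
    if USER_NAME not in attrs or len(ip) != 4 or len(status) != 4:
        return sessions                            # nothing to map
    ip = socket.inet_ntoa(ip)
    status = struct.unpack("!I", status)[0]
    if status in (START, INTERIM):
        sessions[ip] = attrs[USER_NAME].decode("utf-8", "replace")
    elif status == STOP:
        sessions.pop(ip, None)                     # user left; drop the mapping
    return sessions
```

A gateway using such a table should also restrict which source addresses may send accounting traffic and expire entries when Interim-Updates stop arriving, since a lost Stop otherwise leaves a stale identity on a reusable IP.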
