Applies To: Cloud-managed Fireboxes
On the Firebox Device Configuration page, these are the settings and methods to configure user authentication.
Domains
If you have an authentication domain, you can add the domain to WatchGuard Cloud. With this option, you add the domain, and specify authentication servers, users, and groups for the domain. The domain is a shared configuration setting. After you add the authentication domain to WatchGuard Cloud, you can add it to multiple cloud-managed Fireboxes in your account.
For more information, go to:
Firebox Database
You can use the Firebox itself as an authentication server. With this option, you add the users and groups to the Firebox authentication database (Firebox DB).
For more information, go to Configure Firebox Database User Authentication.
After you add an authentication domain or add Firebox users and groups, you can specify users and groups in firewall policies, aliases, and mobile VPN settings.
Captive Portal
You can configure a captive portal for a Firebox. With a captive portal, you can restrict Internet-only connectivity for network clients. You can also enforce policies so that clients can access the Internet only after they review and accept the Terms of Use and Privacy Policy, or provide user details in a web form on the captive portal splash page.
For more information, go to Configure a Captive Portal for a Firebox.
Settings
Authentication Portal — To allow users to connect to the Firebox to authenticate, you can enable connections to the Firebox Authentication Portal. For more information, go to Enable the Authentication Portal on the Firebox.
Single Sign-On — To simplify the log in process for users, you can configure Security Assertion Markup Language (SAML) single sign-on (SSO). For more information, go to Configure SAML Single Sign-On for Your Accounts in WatchGuard Cloud.
Block Failed Logins — To prevent brute force attacks, you can use this feature to block IP addresses with failed login attempts to the login pages on a cloud-managed Firebox. For more information, go to Configure Block Failed Login Attempts.