Sophos XG Firewall Web Interface Reference and Admin Guide v16.5

| Configure | 443

2. Enter cell phone number . You will receive SMS through the gateway configured if you are able to connect to the gateway.

Figure 416: Test Connectivity

3. Click Save.

Client Downloads

The Client Downloads page allows you to to download all the clients or add-ins needed to interact with the device.

The device provides various options for user authentication. All the users are authenticated before they are provided access to network resources. User authentication can be performed using a local database, Active Directory, LDAP,

RADIUS, TACACS, eDirectory, NTLM or combination of these. The device also supports Single Sign On (SSO) for transparent authentication whereby Windows credentials can be used to authenticate and the user has to login only once to access network resources. SSO can be used in Active Directory and Citrix or Terminal Services Environment.

Users can authenticate with the device using the Captive Portal, authentication clients for Windows, Linux,

Macintosh, Android and iOS platforms or Single Sign On (SSO).

Following Clients can be downloaded from this page:

Single Sign-On

Sophos Single Sign-On Client - Enables users to logon to the organization network as well as to the device simultaneously. This requires client installation on the user’s machine.

Sophos Transparent Authentication Suite (STAS) - Enables transparent authentication whereby Windows credentials can be used to authenticate and the user has to login only once to access network resources. This does

NOT require a client installation on the user’s machine.

Sophos Authentication for Thin Client (STAC) - Enables transparent authentication for users in Citrix or Terminal

Services Environment whereby network credentials can be used to authenticate and the user has to login only once to access network resources. This does NOT require a client installation on the user’s machine.

Authentication Clients

Download MSI - Enables admins to install authentication clients via Microsoft Installer to multiple user devices to access network resources and the Internet as per the policies configured in the device.

Download CA for MSI - Download the digital certificate to be installed via MSI to ensure a safe connection with the device.

Download for Windows - Enables users using a Windows operating system to logon to the device to access network resources and the Internet as per the policies configured in the device.

Download for MAC OS X - Enables users using a system with Macintosh OS X onwards to logon to the device to access network resources and the Internet as per the policies configured in the device.

Download for Linux 32 - Enables users using a 32-bit Linux operating system to logon to the device to access network resources and the Internet as per the policies configured in the device.

Download for Linux 64 - Enables users using a 64-bit Linux operating system to logon to the device to access network resources and the Internet as per the policies configured in the device.

| Configure | 444

Download Certificate for iOS/Android client - Download the digital certificate to be installed in an iOS or Android system to ensure a safe connection with the device. Authentication Clients for iOS/Android can be downloaded from the respective App Store/Play Store.

SPX Add-ins

This feature is available only with a valid Email Protection subscription

This feature is available in Sophos Firewall Models XG105 and above, Cyberoam Models CR25iNG and above, and all Sophos UTM Models.

The SPX Add-in simplifies the encryption of the messages that contain sensitive or confidential information leaving the organization. The Add-in integrates seamlessly with the user’s Microsoft Outlook software, making it easy for users to encrypt messages through the Sophos Firewall (SF) Email Protection.

Follow the steps given below to install the Add-in Outlook:

1. Unzip the files to a temporary folder.

2. For an interactive installation, run setup.exe (users will be prompted for input).

3. For an unattended installation, please note the following prerequisites.

• Windows XP, Windows Vista, Windows 7, Windows 8 (both 32 and 64-bit) versions are supported.

• Microsoft Outlook 2007 SP3, 2010 or 2013 (both 32 and 64-bit) versions are supported.

Now, proceed as follows:

a. Install Microsoft .NET Framework 4 Client Profile.

b. Install Microsoft Visual Studio 2010 Tools for Office Runtime 4.0.

c. Run the installer with the following parameters: msiexec /qr /i SophosOutlookAddInSetupUTM.msi T=1

EC=3 C=1 I=1.

STAS

This page describes how to configure the Sophos Transparent Authentication Suite (STAS).

Sophos Transparent Authentication Suite (STAS) enables transparent authentication whereby Microsoft Windows credentials can be used to authenticate. The user has to log in only once to access the network resources. A client installation on the user's machine is not required.

The Sophos Transparent Authentication Suite (STAS) program can be found under Configure > Authentication >

Client Downloads. For more information about STAS installation, see

Sophos Transparent Authentication installation guide

.

1. Go to Configure > Authentication > STAS.

2. To enable Sophos Transparent Authentication Suite click the toggle switch.

3. Click Activate STAS.

4. To enable the user inactivity click the toggle switch.

5. Specify the user inactivity.

Inactivity Time

Specify the inactivity time in minutes. The user inactivity timeout is the inactive/idle time in minutes after which the user will be logged out and has to re-authenticate.

Acceptable range: 3 to 1440 minutes

Default: 3 minutes

Data Transfer Threshold

Specify the minimum data to be transferred.

Default: 100 bytes

6. Click Apply.