Is there any way I could set a rule that, if a user's authentication fails, automatically logs them in as a guest account located in a local user database?
To open up an extremely large can of worms...our situation is as follows. For the LAN, we have the Transparent Bridge with an Authorization Server that checks against our AD. We were just recently "strongly suggested" to put up WiFi open to the public that passes through the LAN & MWG7 on the way to the internet. Finally, we have VPN clients that pass through the MWG7 and currently have to enter in their name and password on a prompt like this:
Ideally, I would like separate authentication for each method of reaching the internet.
The WiFi clients NAT to 172.23.42.7 and I would like a rule that automatically logs them on as a guest account located on a local user database.
Also, the VPNs proxy to the MWG7 on port 3128 and I would like to attempt to pick up their authentication through NTLM if possible.
I can zip my backup file or an HTML if anyone wants to see what I've already attempted (and failed!).
We have a Content Filter set up for Unauthenticated users. The problem is somewhere along the way the MWG7 won't allow an unauthenticated user to browse the internet.
We've had very good luck using the Try-Auth ruleset. This allows us to implement separate rules for authenticated and unauthenticated users. However, if you don't want your unauthenticated users to browse the Internet, you could exclude your NAT IP for WiFi clients from the rule that is blocking the unauthenticated users.
I have excluded the NAT IP, yet the appliance still prompts for credentials. The only reason I can determine this would be happening is because the MWG7 is inline with our internet connection, so all traffic passes through it, but I'm not sure.
I noticed in your ruleset that you are not applying the WiFi Authentication ruleset to your NAT address 172.23.42.7. Also, I don't see that address excluded from the other Authentication rulesets that you have.