cancel
Showing results for 
Search instead for 
Did you mean: 
ittech
Level 13

Auto-logon for guests

Is there any way I could set a rule that states if a user authentication fails to automatically log them in as a guest account located in a local user database?

0 Kudos
19 Replies
eelsasser
Level 15

Re: Auto-logon for guests

That depends. Are you going to make it prompt and enter a guest account password when authentication fails?

0 Kudos
ittech
Level 13

Re: Auto-logon for guests

To open up an extremely large can of worms...our situation is as follows. For the LAN, we have the Transparent Bridge with an Authorization Server that checks against our AD. We were just recently "strongly suggested" to put up WiFi open to the public that passes through the LAN & MWG7 on the way to the internet. Finally, we have VPN clients that pass through the MWG7 and currently have to enter in their name and password on a prompt like this:

prompt.PNG

Ideally, I would like seperate authentication for each method of reaching the internet.

The WiFi clients NAT to 172.23.42.7 and I would like a rule that autmatically logs them on as a guest accout located on a local user databse.

Also, the VPNs proxy to the MWG7 on port 3128 and I would like to attempt to pick up their authentication through NTLM if possible.

I can zip my backup file or an html if anyone want to see what I've already attempted at (andn failed!).

0 Kudos
sdtsmit
Level 7

Re: Auto-logon for guests

Instead of using a local guest account, why not exclude your clients that are NATed to 172.23.42.7 from authentication?

0 Kudos
ittech
Level 13

Re: Auto-logon for guests

We have a Content Filter setup for Unauthenticated users. The problem is somewhere along the way the MWG7 won't allow an unauthenticated user to browse the internet.

0 Kudos
sdtsmit
Level 7

Re: Auto-logon for guests

We've had very good luck using the Try-Auth ruleset.  This allows us to implement separate rules for authenticated and unauthenticated users.  However, if you don't want your unauthenticated users to browse the Internet, you could exclude your NAT IP for WiFi clients from the rule that is blocking the unauthenticated users.

0 Kudos
ittech
Level 13

Re: Auto-logon for guests

I have excluded the NAT IP, yet the appliance still prompts for credentials. The only reason I can determine this would be happening is because the MWG7 is inline with our internet connection, so all traffic passes through it, but I'm not sure.

0 Kudos
sdtsmit
Level 7

Re: Auto-logon for guests

I noticed in your ruleset that you are not applying the WiFi Authentication ruleset to your NAT address 172.23.42.7.  Also, I don't see that address excluded from the other Authentication rulesets that you have.

0 Kudos
ittech
Level 13

Re: Auto-logon for guests

What a nice way to tell me I'm an idiot who missed a typo

Testing it out now...

Thanks!

0 Kudos
ittech
Level 13

Re: Auto-logon for guests

Ok, it's working a little bit. Now I can get on to internet with out a prompt , but my WiFi authenticate rule isn't giving me a username

0 Kudos