Clientless users

You can configure network devices, such as servers and printers, as clientless users.

Clientless users don't require authentication and don't use a client to access the network. Sophos Firewall allows these users to access the network by matching the username to the IP address you specify in the clientless user policy.

Clientless users appear as live users in current activities. If you deactivate these users, they don't appear as live users.

You can also configure people as clientless users, for example, senior executives, for whom you don't want to require a sign-in when they're within the network. If you configure users rather than network devices, we recommend that you map the users with static IP addresses on your DHCP server.

You can create clientless users individually or as a group. You can then edit each user's configuration and specify the policies and bandwidth usage.

Actions

  • To change user status between active and inactive, select a user and click Change status.
  • To see additional columns, click Show additional properties and select the fields. To reorder the columns, drag and drop the fields in the drop-down list and click Ok.
  • To add a single clientless user, click Add.
  • To add more than one clientless user, click Add range.
  • To add a clientless group, go to Authentication > Groups. Set Group type to Clientless and specify the policies. These groups then appear under Group when you add individual clientless users or edit an existing clientless user.

Policies and internet usage

After creating clientless users, you can click a clientless user and select the following policies:

  • Traffic shaping (quality of service): You can select one from the drop-down list or create a new policy.
  • Quarantine digest: The digest is a list of emails held in the quarantine area and is sent to the user's inbox.

User policies take precedence over policies of the group to which the user belongs.

To see or reset a user's usage, click a clientless user, scroll down, and do as follows:

  • To reset a user's internet traffic statistics and restart the network traffic quota, click Reset user accounting.
  • To see a user's internet usage, click View usage.

Normal and clientless users

Sophos Firewall supports normal and clientless users.

Normal users: These users require authentication and must sign in through their endpoints to access network resources. You can create these users on Authentication > Users.

Clientless users: These users don't require authentication and don't need client software to access network resources. You can configure network devices, such as servers and printers, as clientless users. Clientless users can also be people whom you want to allow access without authentication.

Table 1. Difference between normal and clientless users

Name

Normal user

Clientless user

User authentication for accessing the network

Yes

No

Sign-in restriction

Yes

You can restrict the IP addresses from which users can sign in. To do this, you can go to the following pages:

Authentication > Users

Authentication > Groups

Doesn't apply.

Sophos Firewall allows clientless users based on their IP addresses.

User type and profile

Yes

User or administrator

No

Group membership

Normal group

Clientless group

MAC binding

Yes

No

Surfing quota policy

Yes

No

Access time policy

Yes

No

Network traffic policy

Yes

No

Traffic shaping policy

Yes

Yes

Remote access VPN policies

(IPsec, SSL VPN, L2TP, PPTP, and clientless VPN policies)

Yes

No

You can't assign these users to remote access VPN policies.

Quarantine digest

Yes

Yes