Clientless users
You can configure network devices, such as servers and printers, as clientless users.
Clientless users don't require authentication and don't use a client to access the network. Sophos Firewall allows these users to access the network by matching the username to the IP address you specify in the clientless user policy.
Clientless users appear as live users in current activities. If you deactivate these users, they don't appear as live users.
You can also configure people as clientless users, for example, senior executives, for whom you don't want to require a sign-in when they're within the network. If you configure users rather than network devices, we recommend that you map the users with static IP addresses on your DHCP server.
You can create clientless users individually or as a group. You can then edit each user's configuration and specify the policies and bandwidth usage.
Actions
- To change user status between active and inactive, select a user and click Change status.
- To see additional columns, click Show additional properties and select the fields. To reorder the columns, drag and drop the fields in the drop-down list and click Ok.
- To add a single clientless user, click Add.
- To add more than one clientless user, click Add range.
- To add a clientless group, go to Authentication > Groups. Set Group type to Clientless and specify the policies. These groups then appear under Group when you add individual clientless users or edit an existing clientless user.
Policies and internet usage
After creating clientless users, you can click a clientless user and select the following policies:
- Traffic shaping (quality of service): You can select one from the drop-down list or create a new policy.
- Quarantine digest: The digest is a list of emails held in the quarantine area and is sent to the user's inbox.
User policies take precedence over policies of the group to which the user belongs.
To see or reset a user's usage, click a clientless user, scroll down, and do as follows:
- To reset a user's internet traffic statistics and restart the network traffic quota, click Reset user accounting.
- To see a user's internet usage, click View usage.
Normal and clientless users
Sophos Firewall supports normal and clientless users.
Normal users: These users require authentication and must sign in through their endpoints to access network resources. You can create these users on Authentication > Users.
Clientless users: These users don't require authentication and don't need client software to access network resources. You can configure network devices, such as servers and printers, as clientless users. Clientless users can also be people whom you want to allow access without authentication.
Name | Normal user | Clientless user |
---|---|---|
User authentication for accessing the network | Yes | No |
Sign-in restriction | Yes You can restrict the IP addresses from which users can sign in. To do this, you can go to the following pages: Authentication > Users Authentication > Groups | Doesn't apply. Sophos Firewall allows clientless users based on their IP addresses. |
User type and profile | Yes User or administrator | No |
Group membership | Normal group | Clientless group |
MAC binding | Yes | No |
Surfing quota policy | Yes | No |
Access time policy | Yes | No |
Network traffic policy | Yes | No |
Traffic shaping policy | Yes | Yes |
Remote access VPN policies (IPsec, SSL VPN, L2TP, PPTP, and clientless VPN policies) | Yes | No You can't assign these users to remote access VPN policies. |
Quarantine digest | Yes | Yes |
More resources