You are here: Webhelp > Authentication > Web Authentication

Web Authentication

After the Web authentication (WebAuth) is configured, when you open a browser to access the Internet, the page will redirect to the WebAuth login page. According to different authentication modes, you need to provide corresponded authentication information. With the successful Web authentication, system will allocate the role for IP address according to the policy configuration, which provides a role-based access control method.

Web authentication means you will be prompted to check the identity on the authentication page. It includes the following four modes:

  • Password Authentication: Using username and password during the Web authentication.
  • SMS Authentication: Using SMS during the Web authentication. In the login page, you need to enter the mobile number and the received SMS verification code. If the SMS verification code is correct, you can pass the authentication.
  • NTLM Authentication: System obtains the login user information of the local PC terminal automatically, and then verifies the identity of the user. For more configurations, see NTLM Authentication.
NTLM authentication mode only supports the Active Directory servers deployed in Windows Server 2008 or older versions.

Enabling the WebAuth

To enable the Web authentication, take the following steps:

  1. Click Network > WebAuth > WebAuth.
  2. Select the Enable check box of WebAuth to enable the WebAuth function.

Configuring Basic Parameters for WebAuth

The basic parameters are applicable to all WebAuth polices.

To configure WebAuth basic parameters, take the following steps:

  1. Click Network > WebAuth > WebAuth,click the Enable button.

  2. Click Apply.

  • If the WebAuth success page is closed, you can log out not only by timeout, but also by visiting the WebAuth status page (displaying online users, online times and logout button). You can visit it through "http(https):// IP-Address: Port-Number". In the URL, IP-Address refers to the IP address of the WebAuth interface, and Port-Number refers to HTTP/HTTPS port. By default, the HTTP port is 8181, the HTTPS port is 44433. The WebAuth status page will be invalid if there are no online users on the client or the WebAuth is disabled.

  • After basic configurations, you should create two policy rules in Security Policy to make WebAuth effective, and then adjust the priority of the two policies to the highest. The WebAuth policies need to be configured according to the following policy template:
  • After WebAuth is configured, the users who matched the WebAuth policy are recommended to input the correct username and password, and then the users can access the network. System takes actions to avoid illegal users from getting usernames and passwords by brute-force. If one fails to log in through the same host three times in two minutes, that host will be blocked for 2 minutes.

Customizing WebAuth Page

The WebAuth page is the redirected page when an authenticated user opens the browser. By default, you need to enter the username and password in the WebAuth page. You can also select the SMS authentication mode .

  1. Click Network > WebAuth > WebAuth.
  2. Click Login Page Customization tab, and click Download Template to download the zip file “webauth" of the default WebAuth login page, and then unzip the file.
  3. Open the source file and modify the content( including style, picture, etc.)according to the requirements. For more detailed information, see the file of or
  4. Compress the modified file and click Upload to upload the zip file to system.

  • After upgrading the previous version to the 5.5R6 version, the WebAuth login page you already specified will be invalid and restored to the default page. You should re-download the template after the version upgrade and customize the login page.
  • After upgrading the system version, you should re-download the template, modify the source file, and then upload the custom page compression package. If the uploaded package version is not consistent with the current system version, the function of the custom login page will not be used normally.

  • The zip file should comply with the following requirements: the file format should be zip; the maximum number of the file in the zip file is 50; the upper limit of the zip file is 1M; the zip file should contain “index.html”.
  • System can only save one file of the default template page and the customized page. When you upload the new customized page file, the old file will be covered. You are suggested to back up the old file.
  • If you want trigger WebAuth through HTTPS request, you need import the root certificate (certificate of the device) to the browser firstly. Triggering WebAuth through HTTPS requests depends on the feature of SSL proxy . If the devrice does not support the SSL proxy. Triggering WebAuth through HTTPS requests will not work and you can then trigger WebAuth through HTTP requests.