Configuration Example 1: A customer requires that authentication of the intranet users within the 10.10.10.0/24 segment be transparent for Internet access, so that the users do not perceive the existence of the IAG. Endpoint devices are identified by IP address and can access the Internet without authentication. Users connected to the Internet are not added to the organization structure, and the Internet access permissions of the Intranet Group are assigned to the users.
Step 1. Navigate to Access Mgt > Authentication > Web Authentication > Authentication Policy, click Add and enable user authentication. Set IP/MAC address. In this example, set it to 10.10.10.0/24.
Step 2. In Authentication Method, select Open Authentication. In Username, select Auto assigned > Take IP address as username.
In Action:
The customer requires that authenticated users are not added to the organization structure. Therefore, do not select Add Non-Local/Domain Users to Group. To enable the users to access the Internet with the permissions of Intranet Group, set Group Used by Non-local/Domain Users for Network Access to /Intranet Group/.
Step 3. When a user accesses the Internet, the user is authenticated with the IP address as the username. Information about the user can be viewed in the online user list.
Configuration Example 2: A customer requires that the intranet users within the 10.10.10.0/24 segment can access the Internet without authentication. After user authentication, IP addresses are used as usernames and added to the organization structure. The users are added to the Intranet Group. Because intranet IP addresses are fixed, the customer wants the IAG to automatically bind users with IP addresses and MAC addresses so that intranet users cannot change their IP addresses when accessing the Internet. If they change their IP addresses, they cannot be authenticated on the IAG and cannot access the Internet. L3 switches are deployed between the intranet and the IAG.
Step 1. Navigate to Access Mgt > Authentication > Web Authentication > Authentication Policy > Add and enable user authentication. Set Objects. In this example, set it to 10.10.10.0/24.
In the Auth Method, select Open Auth. In Username, select Take IP address as username.
In Action:
The customer requires that authenticated users are added to the organization structure and the Intranet Group.
Set Add Non-Local/Domain Users to Group. Select Add user account to local user database. Select Automatic binding.
Click OK.
Step 2. Because L3 switches are deployed between the intranet and the IAG, the SNMP function of the IAG must be enabled so that the IAG can obtain users' real MAC addresses from the switches over SNMP. In this scenario, the switches must support the SNMP function.
Navigate to Access Mgt > Authentication > Correlation Connection > MAC Address Acquisition and tick Enable MAC acquisition across L3 network and configure the IP addresses, MAC addresses, and SNMP information of the L3 switches.
Step 3. When a user accesses the Internet, the user is authenticated with the IP address as the username. Information about the user can be viewed in the online user list.
The binding relationships between IP and MAC addresses set up during user authentication are registered. You can query the relationships on the IP/ Bind IP/MAC Address tab page.
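The following added example (not part of the original guide and not the IAG's own code) models the Example 2 behaviour for auditing purposes: it parses an ARP-table walk from the L3 switch and applies an IP/MAC binding rule to it. Assumptions: the walk is net-snmp style output of ipNetToMediaPhysAddress, the sample rows and the names parse_arp_walk and evaluate are constructed for illustration, and the binding is treated as enforced in both directions.

```python
import ipaddress
import re

# Constructed sample: net-snmp style walk of ipNetToMediaPhysAddress
# (1.3.6.1.2.1.4.22.1.2) on the L3 switch. All addresses are made up.
SAMPLE_WALK = """\
IP-MIB::ipNetToMediaPhysAddress.12.10.10.10.5 = STRING: 0:1a:2b:3c:4d:5e
IP-MIB::ipNetToMediaPhysAddress.12.10.10.10.6 = Hex-STRING: 00 1A 2B 3C 4D 5F
IP-MIB::ipNetToMediaPhysAddress.12.10.10.10.9 = STRING: 0:1a:2b:3c:4d:5e
IP-MIB::ipNetToMediaPhysAddress.13.192.168.1.1 = STRING: 0:aa:bb:cc:dd:ee
"""
SEGMENT = ipaddress.ip_network("10.10.10.0/24")  # policy scope from the example
ROW = re.compile(r"ipNetToMediaPhysAddress\.\d+\.(\d+(?:\.\d+){3})"
                 r"\s*=\s*\S+:\s*([0-9A-Fa-f: ]+?)\s*$")

def norm_mac(raw):
    """Zero-pad and lowercase; net-snmp prints 0:1a:... or 00 1A ..."""
    octets = re.split(r"[: ]+", raw.strip())
    if len(octets) != 6:
        raise ValueError(f"not a MAC address: {raw!r}")
    return ":".join(o.zfill(2).lower() for o in octets)

def parse_arp_walk(text):
    """Return {ip: mac} for in-scope rows of the switch ARP table."""
    table = {}
    for line in text.splitlines():
        m = ROW.search(line)
        if m and ipaddress.ip_address(m.group(1)) in SEGMENT:
            table[m.group(1)] = norm_mac(m.group(2))
    return table

def evaluate(bindings, arp):
    """Decide per IP: 'allow' (matches binding), 'bind' (first seen, the
    pair is registered), 'deny' (IP or MAC already bound to something else)."""
    bound_macs = set(bindings.values())
    verdicts = {}
    for ip, mac in arp.items():
        if bindings.get(ip) == mac:
            verdicts[ip] = "allow"
        elif ip in bindings or mac in bound_macs:
            verdicts[ip] = "deny"
        else:
            bindings[ip] = mac
            bound_macs.add(mac)
            verdicts[ip] = "bind"
    return verdicts

if __name__ == "__main__":
    known = {"10.10.10.5": "00:1a:2b:3c:4d:5e"}  # registered at first login
    print(evaluate(known, parse_arp_walk(SAMPLE_WALK)))
```

The "deny" verdict for 10.10.10.9 corresponds to a bound device that changed its IP address, which is the case Example 2 is meant to block.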