Athena NGFW (Next-Generation Firewall)

Athena NGFW (previously known as Network Secure) provides comprehensive protection for every network perimeter, ensuring the safety of your valuable assets, data, and users from emerging threats.
{{ $t('productDocDetail.guideClickSwitch') }}
{{ $t('productDocDetail.know') }}
{{ $t('productDocDetail.dontRemind') }}
8.0.85
Athena NGFW (Next-Generation Firewall) {{ breadTitle }} User Manual Policies Authentication User Authentication
{{sendMatomoQuery("Athena NGFW (Next-Generation Firewall)","User Authentication")}}

User Authentication

{{ $t('productDocDetail.updateTime') }}: 2026-01-06

In this module, you can configure the user authentication parameters, including Authentication Policy, Authentication Options, and External Auth Server. Note that LAN users can still access the Internet even if the device does not enable user authentication. In this case, to protect LAN PCs, define IP addresses in objects to show user ranking and logs in IP addresses.

The authentication methods include the following types:

  1. Username/Password

Before network access, a terminal user is redirected to an authentication page to enter the correct username and password. You can authenticate either a local password or an external server password.

After the user enters the username and password, the system will first check whether the username and password are correct. Suppose the username is not found and an external authentication server is configured. In that case, the system will check whether the username and the password map those of the external authentication server.

A green background with white letters Description automatically generated

Local password authentication only applies when the Local Password is selected. Otherwise, the username and password are sent to the external authentication server for authentication.

  1. Single Sign-On

Single sign-on (SSO): This system can co-work with an identity authentication system on an organization's network to identify the user using a certain IP address. In this way, the user will not be required to enter the username/password for Internet access, thus improving the user experience of accessing the Internet.

3. Identification based on IP address, MAC address and hostname

The user is identified based on the source IP address/MAC address of the packet and the hostname.

Advantage: No authentication box will pop up in the browser for the user to enter the username and password upon network access. Therefore, the user will not perceive the existence of the device.

Disadvantage: It is impossible to identify the specific username, especially in a network where IP addresses are dynamically allocated. For this reason, user behaviors cannot map to specific users, preventing user-specific policy control.