2021-08-12T06:57:00Z

What firewalls do support identity-based rules?

EB
PeerSpot user

5 Answers

LE
User
2022-08-26T20:51:43Z
Aug 26, 2022

Most support some form of identity-based policies based on LDAP and/or AD, and it won't be a simple, straightforward decision choosing the one that best fits what you're trying to achieve and your budget.


Look at things like cost (is it an add-on or does it come as part of the base product) and licensing (e.g., do you need to maintain a license for the feature to continue). Essentially, choose a number of products and ask vendors questions.


Do your preparation and ask a lot of questions.

FT
Real User
2022-08-26T17:05:40Z
Aug 26, 2022

What is your goal? If you want to restrict access by identifying the user and use groups for certain access areas, Sophos provides many options. FW combined with endpoint protection and server protection can offer total protection. If you want to use access-based identification to provide networks like Microsoft VPN, then you might look into Meraki. 


They offer a client and small VPN FWs to manage access to a corporate network.

EH
Vendor
Top 20
2022-08-26T15:04:20Z
Aug 26, 2022

As my company Axalon is focused on the Identity Governance and Administration (IGA) part of the security market, I'll answer the question from that perspective: 


In the last 5-8 years, an increasing number of vendors for so-called CIAM (Consumer (oriented) Identity & Access Management) solutions have improved and extended their functionality.


As a very interesting example of access policies based on ID-based rules, I'd like to mention the product CIDAAS (from a German vendor called widas).


2 examples of the ID-based rules to govern the access of users:


(1) IoT device identity association
As IoT devices increase in popularity, consumers and business customer users will have a greater need to associate their IoT devices with their digital identities. These identity associations between consumer and IoT objects allow for the more secure and private use of smart home, wearables, medical, and even industrial devices.


(2) Fraud detection is enhanced by identity proofing and device fingerprinting functionality. cidaas smart MFA uses User Behavioral Analysis (UBA), based on geo-location, device fingerprint and more, as triggers for step-up authentication based on the risk level of the requesting user-client.


A security dashboard is integrated into CIDAAS' admin UI to help customers secure their applications. The dashboard provides functionalities to monitor and manage security and fraud protection, as well as insights into the cidaas configuration of clients or the instance (wrong scopes on a client).


Summary: CIDAAS is of course NOT an NGFW, but combines security and business features, both based on the ID of the accessing user, in order to increase the protection level of sensitive content in one's own IT landscape and deliver business-relevant information about accessing customers in parallel.

CL
User
2022-08-26T12:33:27Z
Aug 26, 2022

We have a Sophos XG Firewall and the authentication methods are included in identity-based firewall rules even if the users are local and if you use LDAP or Active Directory.

MB
User
2021-10-05T19:24:34Z
Oct 5, 2021

We use Check Point for this solution through the Identity Awareness blade, where, when integrating with the domain controller or LDAP, we can see the entire organizational unit of the Active Directory, and where we can generate rules through the user's profile to make access more dynamic to the internet services, DMZ or others.


It is a good experience that gives us greater control and agility when debugging users since these changes are reflected in the FW when they are eliminated from the AD.
