30-04-2021

Sophos Chromebook



Learn how to configure Sophos Firewall to sign in Chromebook users to Sophos Firewall at the time they sign in to their Chromebook.

Search for the Sophos Chromebook user ID app and select it. Go to User settings and make the following settings for your domain: Upload the JSON configuration file to G Suite. That’s the one you’ve downloaded from Authentication Services Chromebook SSO. Clientless SSO is in the form of Sophos Transparent Authentication Suite (STAS). You can integrate STAS in an environment with a single Active Directory server. Configure Chromebook single sign-on. Learn how to configure Sophos Firewall to sign in Chromebook users to Sophos Firewall at the time they sign in to their Chromebook. Use chrome web store to install Sophos Chromebook User ID app. If a self-signed certificate is used for the XG, then the CA needs to be imported to the Chromebook. You may need to convert the generated certificate file to.pem.crt or.cer file to be compatible with the chrome book. Configure Chromebook Manual install. Use chrome web store to install Sophos Chromebook User ID app. If a self-signed certificate is used for the XG, then the CA needs to be imported to the Chromebook. You may need to convert the generated certificate file to.pem,.crt or.cer file to be compatible with the chrome book.

Objectives

When you complete this unit, you'll know how to do the following:
  • Configure an Active Directory server in Sophos Firewall for use with Google Chrome Enterprise.
  • Configure a Chromebook for use with Sophos Firewall.
  • Configure Google Chrome Enterprise for use with Sophos Firewall.

Configure Chromebook SSO with Active Directory

First configure Sophos Firewall.

Sophos
  • Your Active Directory server is already configured for use with G Suite and synchronization has taken place.
  • You know how to configure an Active Directory server in Sophos Firewall.
  • You know how to create or import certificates.
  • You know how to create firewall rules.
  • Chromebooks can connect to the network controlled by Sophos Firewall, for example, LAN or Wi-Fi.
  1. Create an Active Directory server.
    The Chromebook users in the AD must have email addresses that use the domain registered with G Suite. For example, if your registered domain is example.com, AD Chromebook users must have an email address like user@example.com.
  2. Change device access to allow Chromebook SSO.
    Go to Administration > Device access and select Chromebook SSO for the zone where the Chromebook users are allowed to connect from, for example, LAN and Wi-Fi.
  3. Create or import a valid certificate.
    Note The CN must match the zone/network where the Chromebook users are, for example, gateway.example.com.

    The certificate must not be protected by a passphrase.

    The certificate is used for SSL-encrypted communication with the Chromebooks.
  4. Go to Authentication > Services > Chromebook SSO, enable the Chromebook SSO feature and specify the following settings:
    Option
    Description
    DomainThe domain as registered with G Suite, that is, the domain suffix of the email addresses used in G Suite, for example, example.com. This can be different from your Active Directory domain.
    Port65123
    CertificateThe certificate created/imported above
    Logging levelSelect the amount of logging
  5. Click Download G Suite app config.
    This will download a JSON file that you need to upload later to G Suite.
  6. Open the file with a text editor, enter a value for serverAddress (LAN or DNS IP address of Sophos Firewall), and save.
    Server address must match the certificate’s CN, for example, 10.1.1.1.
  7. Create firewall rules.
    1. Create a User/Network rule to allow Google API and Chrome Web Store communication for all devices. This is necessary to push the app to the Chromebooks:
      • Source zones, for example: LAN, Wi-Fi
      • Destination zones, for example: WAN
      • Destination networks: Select the predefined FQDN host groups Google API Hosts and Google Chrome Web Store.
    2. Create a User/Network rule to match known users and to show the captive portal to unknown users to allow internet access to Chromebooks:
      • Source zones, for example: LAN, Wi-Fi
      • Destination zones, for example: WAN
      • Identity: Select the following options: Match known users, Show captive portal to unknown users

      Sort both rules so that rule a) is applied before rule b).

      If you don’t select Show captive portal to unknown users in rule b), we recommend that you create another network rule c) to avoid possible waiting time when contacting the Chrome Web Store.

    3. Create a User/Network rule with the following settings:
      • Rule type: Reject
      • Source zones, for example: LAN, Wi-Fi
      • Destination zones: WAN

      Place the rule at the bottom of the list so that the rule is applied last.

President Joe Biden has proposed spending $100 billion to ensure high-speed broadband is available to every American as part of his $2 trillion infrastructure plan.

Biden announced the broadband spending proposal as part of his American Jobs Plan Wednesday, saying that it will include expanded access for businesses and schools. He added that a key aspect of the plan is to make high-speed broadband affordable as the pandemic exacerbated the problems faced by millions of Americans who lack reliable and high-quality Internet services.

Sophos Chromebook

Sophos Vpn Chromebook

[Related: Biden To Order Review Of U.S. Semiconductor, IT Supply Chains]

“We’re going to drive down the price for families who have service now, and make it easier for families who don’t have affordable service to be able to get it now,” Biden said in a speech in Pennsylvania.

Biden’s $100 billion broadband plan calls for building “future-proof” infrastructure in unserved and under-served communities; prioritizing support for networks owned by local governments, non-profits and co-ops; and setting aside funds for infrastructure on tribal lands, according to a fact sheet posted on the White House’s website.

The White House said the plan will “promote price transparency and competition among Internet providers.” It will accomplish this by requiring providers to “clearly disclose” pricing while also creating an “even playing field” between private providers and those owned by municipalities and co-ops.

Sophos ChromebookSophos Chromebook

Subsidies may be required to drive down broadband costs in the short term, the White House said, but Biden does not believe in providing long-term subsidization. As such, Biden plans to work with Congress on a solution that will “reduce Internet prices for all Americans, increase adoption in both rural and urban areas, hold providers accountable, and save taxpayer money,” the White House added.

Erik Stromquist, president of CTL, a Portland, Ore.-based Chromebook seller for the education market, said Biden’s plan would expand on existing efforts to improve Internet access for under-served communities, where the need has increased as many students went remote during the pandemic.

“They’ve been trying to do it already,” he told CRN. “I think he just adds more fuel to the fire to make it happen faster.”

Stromquist said CTL has seen demand grown for Chromebooks with LTE cellular connectivity, which allows students to connect to the Internet without Wi-Fi. Sales for LTE-connected devices are expected to be 25 percent of the company’s total volume this year, he added.

Sophos Xg Chromebook User Id App

“We’re starting to see schools ask for embedded LTE as an alternative for distance learning, for equity,” he said.