How User Authentication Works - Watchguard Firebox X1000 User Manual

How User Authentication Works

A specialized HTTP server runs on the Firebox. To authen-
ticate, clients must connect to the authentication server
using a Java-enabled Web browser pointed to:
http://IP address of any Firebox interface:4100/
A Java applet loads a prompt for a username and pass-
word that it then passes to the authentication server using
a challenge-response protocol. Once successfully authenti-
cated, users minimize the Java applet and browser window
and begin using allowed network services.
As long as the Java window remains active (it can be mini-
mized but not closed) and the Firebox does not reboot,
users remain authenticated until the session times out. To
prevent an account from authenticating, disable the
account on the authentication server.
Using external authentication
Although the authentication applet is primarily used for
outbound traffic, it can be used for inbound traffic as well.
Authentication can be used outside the Firebox as long as
you have an account on that Firebox. For example, if you
are working at home, you can point your browser to:
http://public IP address of any Firebox interface:4100/
The authentication applet appears to prompt you for your
login credentials. This can provide you access through var-
ious services such as FTP and Telnet, if you have preconfig-
ured your Firebox to allow this.
Enabling remote authentication
Use this procedure to allow remote users to authenticate
from the external interface, which gives them access to ser-
vices through the Firebox.
1
In the Services Arena in Policy Manager, double-click
the wg_authentication service icon.
2
On the Incoming tab, select Enabled and Allowed.
User Guide
How User Authentication Works
165