System menu features
Users menu
• If no response is received, carefully check the IP address of the RADIUS server and also the shared
secret configuration for this appliance.
• This test uses a simple PAP request. If your RADIUS server is configured only for CHAP, you may
receive an Access Denied message, even for a valid user name/password combination. This is expected
behavior.
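The following is an added example, not part of the original guide or of the appliance's own code. It shows how a PAP Access-Request hides the password with the shared secret (RFC 2865), and why a mismatched secret makes a valid password fail and makes the reply unverifiable. The secrets, the password and the fixed Request Authenticator are constructed sample values.

```python
import hashlib
import hmac
import struct

def _pad_block(secret: bytes, prev: bytes) -> bytes:
    return hashlib.md5(secret + prev).digest()

def pap_hide(password: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """RFC 2865 section 5.2: hide User-Password with an MD5 chain keyed by the secret."""
    size = max(16, -(-len(password) // 16) * 16)      # pad to a multiple of 16, minimum 16
    padded = password.ljust(size, b"\x00")
    out, prev = b"", req_auth
    for i in range(0, size, 16):
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], _pad_block(secret, prev)))
        out += prev                                    # each hidden block keys the next one
    return out

def pap_reveal(hidden: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """Server side: undo pap_hide using the server's own copy of the secret."""
    out, prev = b"", req_auth
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += bytes(c ^ k for c, k in zip(block, _pad_block(secret, prev)))
        prev = block
    return out.rstrip(b"\x00")

def response_auth(code: int, ident: int, req_auth: bytes, secret: bytes) -> bytes:
    """RFC 2865 section 3: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, 20)      # 20-byte reply, no attributes
    return hashlib.md5(header + req_auth + secret).digest()

def simulate(appliance_secret: bytes, server_secret: bytes,
             req_auth: bytes = bytes(range(16))) -> tuple:
    """Return (reply code, whether the client side can verify the reply).

    req_auth is fixed here for reproducibility; real requests use 16 random bytes.
    """
    password = b"constructed-test-pw!"                 # constructed sample, 20 bytes = 2 blocks
    hidden = pap_hide(password, appliance_secret, req_auth)
    seen = pap_reveal(hidden, server_secret, req_auth)
    code = 2 if hmac.compare_digest(seen, password) else 3   # 2 Access-Accept, 3 Access-Reject
    reply = response_auth(code, 1, req_auth, server_secret)
    verified = hmac.compare_digest(reply, response_auth(code, 1, req_auth, appliance_secret))
    return code, verified

if __name__ == "__main__":
    print(simulate(b"shared-secret", b"shared-secret"))   # secrets match
    print(simulate(b"shared-secret", b"shared-secert"))   # typo on one side
```

Under RFC 2865, a client discards a reply whose Response Authenticator does not verify, which is consistent with the no-response symptom described in the first bullet when the shared secret is wrong.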
TACACS+ page
The UTM Firewall appliance can be configured to access a central repository of users and passwords on a
TACACS+ server to authenticate dial-in, PPTP VPN server, and L2TP VPN server connections.
1. From the System menu, click Users > TACACS+ tab. The TACACS+ Server page appears (Figure 346).
Figure 346 TACACS+ Configuration page
2. Enter the address from which to obtain client authentication information in the TACACS+ Server field.
This address can be a fully qualified domain name of the form host.domain.com. Each label (such as host
or domain) can consist of alphanumeric characters including hyphens. Each label cannot begin or end with
the hyphen (-) character. The address can also be an IP address of the form a.b.c.d.
3. Enter the secret used to access the TACACS+ server in the TACACS+ Secret field. The secret can be 1
or more characters of any type.
4. Enter the secret again in the Confirm TACACS+ Secret field.
5. Click Submit.
Password classes
Password classes allow you to set administrative lock-out parameters for the passwords of different users
(see Editing a user for instructions on how to assign password classes to users). Two Password classes are
defined for you from the outset: default and PCI-DSS. The default Password class defines no administrative
lock-out parameters on passwords. The PCI-DSS class sets administrative lock-out settings in accordance
with the user authentication and password management requirements of the PCI DSS. Other PCI DSS 1.1
and 1.2 requirements are met by the UTM Firewall appliance by default, and require no further
administrative management. You can also create your own custom class.
Creating a new Password class
1. From the System menu, click Users and select the Passwords tab (Figure 347).
Figure 347 Passwords tab
2. Click New. This opens the Edit Password Class Setting page (Figure 348).
McAfee UTM Firewall 4.0.4 Administration Guide