Table of Contents
Advertisement
Quick Links
Advertisement
Table of Contents
Related Manuals for Vasco aXsGUARD Gatekeeper AG-3000 Series
Summary of Contents for Vasco aXsGUARD Gatekeeper AG-3000 Series
- Page 1 aXsGUARD Gatekeeper Authentication Quick Install Guide...
- Page 2 VASCO customers and has been provided to you and your organization for the sole purpose of helping you to use and evaluate VASCO Products. As such, it does not constitute a license to use VASCO Software or a contractual agreement to use VASCO Products.
-
Page 3: Table Of Contents
Entering the System Information....................... 24 Network Settings: Ethernet Secure LAN Device.................. 26 General Settings..........................29 6.7.1 Domain Name Server........................29 6.7.2 Email Relay..........................29 Users and Groups............................ 30 Overview............................30 aXsGUARD Gatekeeper Users......................30 © 2009 - VASCO Data Security... - Page 4 9.2.2 Configuring the RADIUS Server....................46 9.2.3 RADIUS Server Authentication Policy.................... 47 10 What's Next............................. 48 11 Support..............................49 11.1 Overview............................49 11.2 If you encounter a problem....................... 49 11.3 Return procedure if you have a hardware failure................49 © 2009 - VASCO Data Security...
- Page 5 Image 31: RADIUS Server Setup....................................44 Image 32: Adding a Host to the Computer List................................45 Image 33: Adding a RADIUS Client ................................... 46 Image 34: Setting the Authentication Policy for the RADIUS Server..........................47 © 2009 - VASCO Data Security...
- Page 6 Table 3: Users & Groups > Users > Add User: Fields..........................33 Table 4: Directory Services > General..............................36 Table 5: Computer Settings.................................. 45 Table 6: Authentication > Radius > Clients: Field Descriptions....................... 46 © 2009 - VASCO Data Security...
-
Page 7: Introduction
Image 1: aXsGUARD Gatekeeper AG-3XXX Image 2: aXsGUARD Gatekeeper AG-5XXX In sections and 1.3, we introduce the aXsGUARD Gatekeeper and VASCO ® In section 2, we provide safety and environmental information. This section must be read before installing your aXsGUARD Gatekeeper. - Page 8 Help button. This button is permanently available and displays information related to the current screen. Training courses covering features in detail can be organized on demand. These courses address all levels of expertise. Please see www.vasco.com for further information. Welcome to aXsGUARD Gatekeeper security. © 2009 - VASCO Data Security...
-
Page 9: What Is The Axsguard Gatekeeper
VASCO is a leading supplier of strong authentication and electronic signature solutions and services specializing in Internet Security applications and transactions. VASCO has positioned itself as a global software company for Internet Security serving customers in more than 100 countries, including several international financial institutions. -
Page 10: Safety And Environmental Information
Such systems reuse or recycle most end-of-life materials in a safe way. The 'crossed-bin symbol' invites you to use such systems. © 2009 - VASCO Data Security... -
Page 11: Temperature, Power And Humidity
Gatekeeper by these handles. Temperature, Power and Humidity VASCO recommends installing the aXsGUARD Gatekeeper in a 'server room' with air conditioning and UPS (Uninterrupted Power Supply). If the equipment is built into a server cupboard, make sure there is sufficient ventilation. -
Page 12: Before You Begin
IP address in your network the Default Gateway setting in your network DNS Server IP address(es) for your network DNS Suffix(es) (optional) an appropriate network cable, with maximum length of 3.0 meters (see section 2.2) © 2009 - VASCO Data Security... -
Page 13: Connecting The Axsguard Gatekeeper To A Network
(example stickers are shown in the images below: please check the sticker labeling the interfaces on your aXsGUARD Gatekeeper to identify the correct socket). Image 3: Back of a Typical aXsGUARD Gatekeeper © 2009 - VASCO Data Security... - Page 14 Gatekeeper Authentication Quick Install Guide v1.6 Image 4: Example Stickers Labeling Interfaces on the aXsGUARD Gatekeeper AG-3XX3 Image 5: Example Stickers Labeling Interfaces on the aXsGUARD Gatekeeper AG-3XX4 Image 6: Example Stickers Labeling Interfaces on the aXsGUARD Gatekeeper AG-5XX6 © 2009 - VASCO Data Security...
-
Page 15: Connecting To Your Network
Configure a workstation with the following settings: IP address 192.168.250.1 Subnet Mask 255.255.255.0 Gateway 192.168.250.254 DNS Server 192.168.250.254 Once the TCP/IP settings (listed above) are active on a workstation, open a command prompt (Microsoft © 2009 - VASCO Data Security... -
Page 16: Image 8: Command Prompt And Testing Tcp/Ip Settings
Once the network settings on the aXsGUARD Gatekeeper have been configured appropriately, (explained in section 6.6), the workstation IP address can be reconfigured onto the network, and the aXsGUARD Gatekeeper can be accessed from any browser on the network. © 2009 - VASCO Data Security... -
Page 17: Accessing The Administrator Tool
(see image below) to continue. After the certificate has been accepted, the aXsGUARD Gatekeeper login screen appears (see image 10). Note The procedure for accepting a certificate varies between browsers. © 2009 - VASCO Data Security... -
Page 18: Image 9: Certificate Screen
Image 10: aXsGUARD Gatekeeper Login Screen Enter the default system administrator's Username Password (use lower case only): Username: sysadmin Password: sysadmin Press Enter or click on the Log in button to proceed (see image 10). © 2009 - VASCO Data Security... -
Page 19: Image 11: Changing The System Administrator Password
After a successful login, the status screen is shown, with a warning including a link to the screen where you can modify the default system administrator's (sysadmin) password (see image below). Image 11: Changing the System Administrator Password © 2009 - VASCO Data Security... -
Page 20: Axsguard Gatekeeper Configuration
Log on to the aXsGUARD Gatekeeper as explained in section 5. Navigate to Users & Groups > Users and click on Add new. The screen below is displayed. Fields with a description in bold are mandatory (cannot be left blank). © 2009 - VASCO Data Security... -
Page 21: Image 12: Creating A System Administrator User
Log off and log on with the newly created administrator credentials. Mandatory fields are highlighted in bold on screen. Note A log of the actions performed in the aXsGUARD Gatekeeper Administrator Tool is available under System > Logs > Admin Tool. © 2009 - VASCO Data Security... -
Page 22: Entering Customer Information
1) The screen above can also be accessed by navigating to System >Customer. 2) If you prefer not to receive any mailings from VASCO, uncheck the option 'Please send me all aXsGUARD Gatekeeper and VASCO Data Security technical and informational mailings' on the above screen. -
Page 23: Menu Structure And Navigation
Navigation instructions in the rest of this manual use the following format: Navigate to Users & Groups > General This example indicates that you need to expand the main menu topic 'Users & Groups' and click on the subtopic 'General'. © 2009 - VASCO Data Security... -
Page 24: Entering The System Information
2) The Domain Name is not necessarily the Windows Domain Name (see also the Domain Name field explanation in the table below). Note 1) Fields with a description in bold are mandatory (cannot be left blank). © 2009 - VASCO Data Security... -
Page 25: Table 1: System General Fields
This is the internal (DNS) name of the aXsGUARD Gatekeeper appliance. The name axsguard is used by default. VASCO does not recommended changing this, unless absolutely necessary, in which case no upper cases, special characters or spaces may be used. Changing the hostname requires Advanced Administrator access (see section 6.2 ) -
Page 26: Network Settings: Ethernet Secure Lan Device
Image 16: Network > Devices > Eth Click on eth0 (secure LAN). The screen below is displayed. Configure the fields as explained in the table below. Click on Update to finish. Image 17: Network > Devices > Eth > eth0 © 2009 - VASCO Data Security... -
Page 27: Image 18: Fixed Ip Configuration Ip Settings
1) Fields with a description in bold are mandatory (cannot be left blank). 2) As no Internet connectivity is required for an aXsGUARD Gatekeeper serving exclusively for authentication, keep the Interface Type for the eth1 device configured as Not in use. © 2009 - VASCO Data Security... -
Page 28: General Settings
Navigate to E-mail > General. Enter the DNS name or IP address of the SMTP relay server used in your network (see image below). Click on Update to save the settings. Image 20: E-mail>General: SMTP and E-mail Disabled © 2009 - VASCO Data Security... -
Page 29: Users And Groups
A unit, based on the location, department, access rights or position within an organization, e.g. accountants, the human resources department or legal department, management, etc. Linked to a set of permissions or restrictions which apply to its members. © 2009 - VASCO Data Security... -
Page 30: Creating And Modifying Groups
Click on Save to finish. Image 21: Creating a new group To modify an existing group: Navigate to Users & Groups > Groups. Click on the group name. Modify the group's settings. Click on Update. © 2009 - VASCO Data Security... -
Page 31: Automatically Via Active Directory
In this section, we explain how to create and modify aXsGUARD Gatekeeper users. aXsGUARD Gatekeeper users are defined in section 7.2. Users can be created manually in the Administrator Tool, or automatically through synchronization with a Directory Server, such as Microsoft Active Directory. © 2009 - VASCO Data Security... -
Page 32: Manually
Assign the user to a group using the select button. Has VASCO DIGIPASS Check this option if the user has a VASCO DIGIPASS device. Select the appropriate DIGIPASS serial number from the list. Detailed information about DIGIPASS assignment is provided in section 8.4. -
Page 33: Automatically Via Active Directory
Navigate to Directory Services > General. A screen as shown in the image below appears. Make sure the Enable DS lookups option is checked. Enter the settings as explained in Table Click on Update to save your settings. © 2009 - VASCO Data Security... -
Page 34: Image 24: Directory Services Configuration
Users and Groups aXsGUARD Gatekeeper Authentication Quick Install Guide v1.6 Image 24: Directory Services Configuration Image 25: Active Directory Tree © 2009 - VASCO Data Security... -
Page 35: Table 4: Directory Services > General
(as explained above). Both options above are All users as specified in the Directory Base for User search unchecked. are imported. © 2009 - VASCO Data Security... -
Page 36: Image 26: Synchronized Ad Users And Groups
Click on Users to view the synchronized AD users. Click on Groups to view the synchronized AD groups. Synchronized AD users and groups are listed with a special icon next to their name as shown below. Image 26: Synchronized AD Users and Groups © 2009 - VASCO Data Security... -
Page 37: Digipass Management
When a set of aXsGUARD Gatekeeper DIGIPASS devices has been ordered, the DPX file is automatically uploaded by the VASCO back office to your aXsGUARD Gatekeeper and a message is displayed in the status screen of the Administrator Tool (see below). -
Page 38: Manual Import
Manual import A DPX file can also be imported manually through the aXsGUARD Gatekeeper Administrator Tool. This is useful for importing (re-using) DIGIPASS devices and records which have been purchased with other VASCO products. Caution Importing a DIGIPASS DPX file without a valid license is not allowed. Contact your reseller for more information. -
Page 39: Assigning Digipass Devices
Navigate to Users & Groups > Users. Click on the user account to which the DIGIPASS device needs to be assigned. Check the Has VASCO DIGIPASS option. Click on Select. Select the serial number for the DIGIPASS device to be assigned. The serial number is printed on the back of the device and is composed of digits separated by one or more dashes, depending on the model. -
Page 40: Unassigning A Digipass Device
DIGIPASS records can be deleted from the aXsGUARD Gatekeeper, which is useful if the DIGIPASS hardware has been lost or stolen. To delete a DIGIPASS record: Navigate to Authentication > VASCO DIGIPASS > DIGIPASS. Check the DIGIPASS record to be removed as shown below. Click on Delete. -
Page 41: Radius Server Configuration
RADIUS configuration requires three steps, which are explained in the following sections: Add the host (RADIUS Client) to the aXsGUARD Gatekeeper Computer list. Configure the aXsGUARD Gatekeeper RADIUS server by adding the RADIUS Client. Set the required Authentication Policy for the aXsGUARD Gatekeeper RADIUS Server. © 2009 - VASCO Data Security... -
Page 42: Adding The Radius Client To The Computer List
5. The other aXsGUARD Gatekeeper Computer settings are not relevant to this setup and are explained in the aXsGUARD Gatekeeper System Administration and Authentication How To guides, which are available through the Documentation button in the Administrator Tool. Click on Save. © 2009 - VASCO Data Security... -
Page 43: Image 32: Adding A Host To The Computer List
Computer Name Enter a name for the computer. If an invalid name is provided, an error message is displayed. IP Address Enter the numeric address which identifies the computer in the network, e.g. 192.168.1.50 © 2009 - VASCO Data Security... -
Page 44: Configuring The Radius Server
Select the RADIUS client from the drop-down list. The client should exist in the aXsGUARD Gatekeeper Computer list. Shared Secret Enter the Shared Secret of the RADIUS Client. (Click A to hide or unhide the shared secret as you type: see image above). © 2009 - VASCO Data Security... -
Page 45: Radius Server Authentication Policy
Navigate to Authentication > Services. Click on aXsGUARD Gatekeeper RADIUS Server. A screen as shown below appears. Select the Authentication Policy, e.g. VASCO DIGIPASS. Click on Update to save your settings. With this configuration, all users authenticating on the RADIUS client (explained in section 9.2 ) -
Page 46: What's Next
Gatekeeper Directory Services. aXsGUARD Gatekeeper Reverse Proxy How To: this document explains the optional module, Application Firewall (Reverse Proxy), and how to secure your Outlook Web Access or Citrix server, for example, with DIGIPASS authentication. © 2009 - VASCO Data Security... -
Page 47: Support
If there is no solution in the Knowledge Base, please contact the company which supplied you with the VASCO product. If your supplier is unable to solve your problem, they will automatically contact the appropriate VASCO expert. If necessary, VASCO experts can access your aXsGUARD Gatekeeper remotely to solve any problems. -
Page 48: Vasco Data Security
Testing TCP/IP Settings............... 16 DPX file....................38 Training....................8 E-mail Addresses................22, 25 Users and Groups................30 Electrical Safety.................. 10 VASCO....................9 Email Relay..................29 Workstation TCP/IP Settings..............15 Environmental Requirements & Protection........10, 11 © 2009 - VASCO Data Security...
Need help?
Do you have a question about the aXsGUARD Gatekeeper AG-3000 Series and is the answer not in the manual?
Questions and answers