Tavve ZoneRanger User Manual page 103

Add the following proxy rule to the RADIUS table:
*.*.*.* MyServerGroup
Using this configuration, the ZoneRanger will select a server from the MyServerGroup group to
handle TACACS+ and RADIUS requests from all managed devices. In order to configure a second
server group to handle requests originated by specific devices, the following steps would be
required:
Define a new server group (e.g. "MyOtherServerGroup")
Insert proxy rules for the specific IP addresses or IP address ranges at the top of the TACACS+ table:
10.254.1.1 MyOtherServerGroup
10.254.2.[10-20] MyOtherServerGroup
*.*.*.* MyServerGroup
Insert proxy rules for the specific IP addresses or IP address ranges at the top of the RADIUS table:
10.254.1.1 MyOtherServerGroup
10.254.2.[10-20] MyOtherServerGroup
*.*.*.* MyServerGroup
When handling a TACACS+ or RADIUS request from a given device, the ZoneRanger will search
through the proxy rules table associated with the protocol being used for the first rule that matches
the requesting device's address. As such, it is important to ensure that specific address rules are
placed ahead of overlapping range or wild-card rules.
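The first-match behaviour described above, as an added example (not ZoneRanger code and not part of the manual): a small Python model of a proxy rule table that resolves a device address and flags rules made unreachable by an earlier overlapping rule. The function names and the parser are hypothetical and handle only the three octet forms shown on this page (literal, `*`, `[a-b]`).

```python
import re

# Octet forms handled: literal "10", wildcard "*", range "[10-20]" (the forms
# shown in the manual; the full ZoneRanger pattern grammar is not assumed).
_RANGE = re.compile(r"^\[(\d+)-(\d+)\]$")

def parse_octet(tok):
    """Return the inclusive (low, high) interval one octet pattern covers."""
    if tok == "*":
        return (0, 255)
    m = _RANGE.match(tok)
    lo, hi = (int(m.group(1)), int(m.group(2))) if m else (int(tok), int(tok))
    if not 0 <= lo <= hi <= 255:
        raise ValueError(f"bad octet pattern: {tok!r}")
    return (lo, hi)

def parse_table(text):
    """Parse 'pattern group' lines, preserving order: [(pattern, intervals, group)]."""
    rules = []
    for line in text.strip().splitlines():
        pattern, group = line.split()
        octets = pattern.split(".")
        if len(octets) != 4:
            raise ValueError(f"expected 4 octets: {pattern!r}")
        rules.append((pattern, [parse_octet(o) for o in octets], group))
    return rules

def select_group(rules, address):
    """First-match lookup: group of the first rule covering address, else None."""
    addr = [int(part) for part in address.split(".")]
    for _, intervals, group in rules:
        if all(lo <= a <= hi for a, (lo, hi) in zip(addr, intervals)):
            return group
    return None

def shadowed_rules(rules):
    """Patterns fully covered by a single earlier rule, so they can never match."""
    dead = []
    for i, (pattern, intervals, _) in enumerate(rules):
        if any(all(elo <= lo and hi <= ehi
                   for (lo, hi), (elo, ehi) in zip(intervals, earlier))
               for _, earlier, _ in rules[:i]):
            dead.append(pattern)
    return dead

# Rule order from the manual, then a constructed misordering with the wild card first.
GOOD = parse_table("10.254.1.1 MyOtherServerGroup\n10.254.2.[10-20] MyOtherServerGroup\n*.*.*.* MyServerGroup")
BAD = parse_table("*.*.*.* MyServerGroup\n10.254.1.1 MyOtherServerGroup\n10.254.2.[10-20] MyOtherServerGroup")
print(select_group(BAD, "10.254.1.1"), shadowed_rules(BAD))
```

Running a check like `shadowed_rules` over an exported rule table before applying it catches the case where a device is silently authenticated against the wrong server group.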
Server groups are configured on the Server Groups tab of the Configuration > Access Control page
in the ZoneRanger web interface. Proxy rules for TACACS+ and RADIUS are configured on the
TACACS+ and RADIUS tabs.
Configuring ZoneRanger to use TACACS+/RADIUS
It is also possible to configure the ZoneRanger to use TACACS+ or RADIUS to authenticate and
authorize access to the ZoneRanger web and text interfaces. In effect, the ZoneRanger acts as a
TACACS+ or RADIUS client, using its own proxy service to relay authentication and authorization
requests to a configured server group. TACACS+ can be enabled and configured on the TACACS+
tab, and RADIUS can be enabled and configured from the RADIUS tab. Note that enabling both
TACACS+ and RADIUS at the same time is not allowed.
If the ZoneRanger is configured to use RADIUS, you will need to specify the server group to be
used for ZoneRanger authentication and authorization requests. If the ZoneRanger is configured to
use TACACS+, you can specify the server group to be used, the authentication login type (ASCII or
PAP), privilege levels associated with admin and operator status, and the service and protocol
arguments to be used in the authorization process.
If the ZoneRanger has been configured to use TACACS+ or RADIUS, and an authentication request
is rejected by the configured TACACS+ or RADIUS server, the ZoneRanger will check to see if the
specified user name and password match a locally configured user (see the Users tab of the
Configuration > Access Control page in the ZoneRanger web interface).
ZoneRanger 5.5 User's Guide
