Tavve ZoneRanger User Manual page 107

Client timeout – the amount of time, in seconds, that the ZoneRanger will maintain
information about an inactive RADIUS authentication or authorization session.

Server timeout – the amount of time that the Ranger Gateway will wait for a response
from a RADIUS server.

Server groups can also be configured with a number of protocol-specific options. For TACACS+,
the available server group options are:

TACACS+ Shared Key – the key used for encrypting TACACS+ messages. If this key is
configured, the ZoneRanger will decrypt and validate all TACACS+ messages. Note that in
order to use this option for a given server group, all devices managed by a given
ZoneRanger that are mapped to that server group will need to be configured to use the
same encryption key.

Insert IP Address – If the TACACS+ Shared Key has been enabled, it is possible to
configure the ZoneRanger to insert the requesting device's address into the rem_addr
field of a TACACS+ request, so that this address can be logged by the TACACS+ server.
This option may be useful in the case where the Ranger Gateway is not configured to spoof
the source address.
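
Insert IP Address depends on the TACACS+ Shared Key because rem_addr sits inside the protected packet body (RFC 8907 calls this protection obfuscation), so a proxy can rewrite the field only if it can undo and redo that step. The Python below is an added example, not Tavve's code: it assumes the RFC 8907 layout of an authentication START packet, and the function names, key and addresses are constructed for illustration.

```python
import hashlib
import struct

def pad(header: bytes, key: bytes, n: int) -> bytes:
    """RFC 8907 pseudo-pad: chained MD5 over session_id, key, version, seq_no."""
    seed = header[4:8] + key + header[0:1] + header[2:3]
    out, block = b"", b""
    while len(out) < n:
        block = hashlib.md5(seed + block).digest()
        out += block
    return out[:n]

def crypt(header: bytes, body: bytes, key: bytes) -> bytes:
    """XOR body with the pad; the same call obfuscates and de-obfuscates."""
    return bytes(a ^ b for a, b in zip(body, pad(header, key, len(body))))

def build_start(session_id: int, key: bytes, user: bytes, port: bytes,
                rem_addr: bytes = b"") -> bytes:
    """Constructed sample: authentication START as a managed device would send it."""
    body = bytes([1, 1, 1, 1, len(user), len(port), len(rem_addr), 0])
    body += user + port + rem_addr
    header = struct.pack("!BBBBII", 0xC0, 1, 1, 0, session_id, len(body))
    return header + crypt(header, body, key)

def parse_start(packet: bytes, key: bytes) -> dict:
    """De-obfuscate and validate; a wrong key yields inconsistent length fields."""
    header, body = packet[:12], crypt(packet[:12], packet[12:], key)
    if struct.unpack("!I", header[8:12])[0] != len(body) or len(body) < 8:
        raise ValueError("header length does not match body")
    u, p, r, d = body[4:8]
    if 8 + u + p + r + d != len(body):
        raise ValueError("length fields inconsistent: wrong key or corrupt packet")
    rest = body[8:]
    return {"header": header, "fixed": body[:4], "user": rest[:u],
            "port": rest[u:u + p], "rem_addr": rest[u + p:u + p + r],
            "data": rest[u + p + r:]}

def insert_rem_addr(packet: bytes, key: bytes, device_ip: str) -> bytes:
    """Rewrite rem_addr with the requesting device's address, then re-obfuscate."""
    f = parse_start(packet, key)
    addr = device_ip.encode("ascii")
    body = f["fixed"] + bytes([len(f["user"]), len(f["port"]), len(addr),
                               len(f["data"])])
    body += f["user"] + f["port"] + addr + f["data"]
    header = f["header"][:8] + struct.pack("!I", len(body))
    return header + crypt(header, body, key)
```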

For RADIUS, the available server group options are:

RADIUS Shared Key – the key used for authenticating and encrypting RADIUS
messages. If this key is configured, the ZoneRanger will verify that all RADIUS messages
have been signed with the shared key. Note that in order to use this option for a given
server group, all devices managed by a given ZoneRanger that are mapped to that server
group will need to be configured to use the same key.

ZoneRanger 5.5 User's Guide