Authentication Rules - D-Link NetDefendOS User Manual

Network security firewall

8.2.5. Authentication Rules

An Authentication Rule should be defined when a client establishing a connection through a
NetDefend Firewall is to be prompted for a username/password login sequence.

Authentication Rules are set up in a similar way to other NetDefendOS security policies, by
specifying which traffic is to be subject to the rule. They differ from other policies in that the
connection's destination network/interface is not of interest; only the source
network/interface of the client being authenticated is considered.

Authentication Rule Properties

An Authentication Rule object has the following properties:

Authentication Agent
The type of traffic being authenticated. This can be one of:

  i. ARPCache
     This sends the MAC address of the client's interface to a RADIUS server for
     authentication and is applicable to any type of traffic.
     This option is explained further in Section 8.3, "ARP Authentication".

  ii. HTTP

Figure 8.2. LDAP for PPP with CHAP, MS-CHAPv1 or MS-CHAPv2
Important: The link to the LDAP server must be protected
Since the LDAP server is sending back passwords in plain text to NetDefendOS, the link
between the NetDefend Firewall and the server must be protected. A VPN link should be
used if the link between the two is not local.
Access to the LDAP server itself must also be restricted as passwords will be stored in
plain text.
Chapter 8: User Authentication
