Table of Contents
Advertisement
•
HTTPS traffic
•
IPsec tunnel traffic
•
L2TP tunnel traffic
•
PPTP tunnel traffic
•
SSL VPN tunnel traffic
3.
If no rule matches, the connection is allowed, provided the IP rule set permits it, and
nothing further happens in the authentication process.
4.
Based on the settings of the first matching authentication rule, NetDefendOS may prompt
the user with an authentication request which requires a username/password pair to be
entered.
5.
NetDefendOS validates the user credentials against the Authentication Source specified in
the authentication rule. This will be either a local NetDefendOS database, an external
RADIUS database server or an external LDAP server.
6.
NetDefendOS then allows further traffic through this connection as long as authentication
was successful and the service requested is allowed by a rule in the IP rule set. That rule's
Source Network object has either the No Defined Credentials option enabled or
alternatively it is associated with a group and the user is also a member of that group.
7.
If a timeout restriction is specified in the authentication rule then the authenticated user will
be automatically logged out after that length of time without activity.
Any packets from an IP address that fails authentication are discarded.
8.2.7. HTTP Authentication
Where users are communicating through a web browser using the HTTP or HTTPS protocol then
authentication is done by NetDefendOS presenting the user with HTML pages to retrieve
required user information. This is sometimes also referred to as WebAuth and the setup requires
further considerations.
The Management Web Interface Port Must Be Changed
HTTP authentication will collide with the Web Interface's remote management service which also
uses TCP port 80 by default. To avoid this problem, the Web Interface port number must be
changed before configuring authentication.
Do this by going to Remote Management > Advanced settings in the Web Interface and
changing the setting WebUI HTTP Port. Port number 81 could instead, be used for this setting.
The same is true for HTTPS authentication and the default HTTPS management port number of
443 must also be changed.
HTTP and HTTPS Agent Options
For HTTP and HTTPS authentication there is a set of options in an authentication rule called
Agent Options. These are:
•
Login Type - This can be one of:
627
Chapter 8: User Authentication
- Quick Links:
- User Manual
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
