Setting Up Remote VPN Access for Users
If you are using your UTM-1 appliance as a SecuRemote Remote Access VPN Server, as
an internal VPN Server, or as an L2TP VPN Server, you can allow users to access it
remotely through their Remote Access VPN Clients (a Check Point SecureClient, Check
Point SecuRemote, an L2TP VPN Client, or another Embedded NGX appliance).
To set up remote VPN access for a user
1. Enable your VPN Server, using the procedure Setting Up Your UTM-1
   Appliance as a VPN Server on page 476.
2. Add or edit the user, using the procedure Adding and Editing Users on page
   546.
   You must select the VPN Remote Access option.
Using RADIUS Authentication
You can use Remote Authentication Dial-In User Service (RADIUS) to authenticate both
UTM-1 appliance users and Remote Access VPN Clients trying to connect to the UTM-1
appliance.
Note: When RADIUS authentication is in use, Remote Access VPN Clients must
have a certificate.
When a user tries to log on to the UTM-1 Portal, the UTM-1 appliance sends the entered
user name and password to the RADIUS server. The server then checks whether the
RADIUS database contains a matching user name and password pair. If so, then the user is
logged on.
By default, all RADIUS-authenticated users are assigned the set of permissions specified
in the UTM-1 Portal's RADIUS page. However, you can configure the RADIUS server to
pass the UTM-1 appliance a specific set of permissions to grant the authenticated user,
instead of these default permissions. This is done by configuring the RADIUS
Vendor-Specific Attribute (VSA) with a set of attributes containing permission information for
Chapter 17: Managing Users
553
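Added example, not taken from the Check Point manual or the appliance's own code: because a RADIUS reply can carry permissions in a VSA, a client should read those attributes only after checking the RFC 2865 Response Authenticator against the shared secret. The function names, the secret, vendor ID 99999, sub-attribute type 1 and the value "readonly" are constructed placeholders, and the sub-attribute layout is the one RFC 2865 recommends, assumed here.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT = 2      # RADIUS packet code
VENDOR_SPECIFIC = 26   # attribute type that carries a VSA

def _tlvs(buf):
    """Yield (type, value) for each type/length/value item, rejecting bad lengths."""
    pos = 0
    while pos < len(buf):
        if pos + 2 > len(buf) or buf[pos + 1] < 2 or pos + buf[pos + 1] > len(buf):
            raise ValueError("malformed attribute")
        yield buf[pos], buf[pos + 2:pos + buf[pos + 1]]
        pos += buf[pos + 1]

def parse_access_accept(packet, request_auth, secret):
    """Authenticate the reply, then return [(vendor_id, vendor_type, value), ...]."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-octet RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise ValueError("bad Length field")
    packet = packet[:length]           # octets past Length are padding
    attrs = packet[20:]
    # Response Authenticator = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)
    expected = hashlib.md5(packet[:4] + request_auth + attrs + secret).digest()
    if not hmac.compare_digest(expected, packet[4:20]):
        raise ValueError("Response Authenticator mismatch: reply not trusted")
    if code != ACCESS_ACCEPT:
        raise ValueError("not an Access-Accept")
    vsas = []
    for a_type, body in _tlvs(attrs):
        if a_type != VENDOR_SPECIFIC:
            continue
        if len(body) < 4:
            raise ValueError("VSA without a Vendor-Id")
        vendor_id = struct.unpack("!I", body[:4])[0]
        vsas += [(vendor_id, v_type, value) for v_type, value in _tlvs(body[4:])]
    return vsas

def build_sample(secret, request_auth):
    """Constructed Access-Accept holding one VSA; every value is a placeholder."""
    sub = bytes([1, 2 + len(b"readonly")]) + b"readonly"
    vsa = struct.pack("!I", 99999) + sub
    attrs = bytes([VENDOR_SPECIFIC, 2 + len(vsa)]) + vsa
    head = struct.pack("!BBH", ACCESS_ACCEPT, 7, 20 + len(attrs))
    return head + hashlib.md5(head + request_auth + attrs + secret).digest() + attrs
```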