To Specify Radius Server Authentication; To Configure Radius Authorization; Choosing Radius Authentication Protocols - Watchguard SSL 1000 User Manual

Using RADIUS Servers for Authentication and Authorization

To specify RADIUS server authentication

1. Click the Authentication tab.
2. In Realm Name, type a name for the authentication realm that you will create, select One Source, and then click Add.
   If your site has multiple authentication realms, use a name that identifies the RADIUS realm for which you will specify settings. Realm names are case-sensitive and can contain spaces.
   If you want the Default realm to use RADIUS authentication, remove the Default realm as described in "Changing the Authentication Type of the Default Realm" on page 65.
3. In Select Authentication Type, choose RADIUS Authentication and click OK.
   The dialog box for the authentication realm opens.
4. In Server IP Address, type the IP address of the RADIUS server.
5. In Server Port, type the port number. The default port number is 1812.
6. In Server Secret, type the RADIUS server secret.
   The server secret is configured manually on the RADIUS server and on the Firebox SSL VPN Gateway.
7. If you use a secondary RADIUS server, enter its IP address, port, and server secret.

Make sure you use a strong shared secret. A strong shared secret is one that is at least eight characters
and includes a combination of letters, numbers, and symbols.

To configure RADIUS authorization

1. Click the Authorization tab and in Authorization Type, select RADIUS Authorization.
   You can use the following authorization types with RADIUS authentication:
   - RADIUS authorization
   - Local authorization
   - LDAP authorization
   - No authorization
2. Complete the settings using the attributes defined in IAS.
   For more information about the values for these fields, see "To configure Microsoft Internet Authentication Service for Windows 2000 Server" on page 70.
3. Click Submit.

Choosing RADIUS Authentication Protocols

The Firebox SSL VPN Gateway supports implementations of RADIUS that are configured to use the
Password Authentication Protocol (PAP) for user authentication. Other authentication protocols such as the
Challenge-Handshake Authentication Protocol (CHAP) are not supported.
If your deployment of Firebox SSL VPN Gateway is configured to use RADIUS authentication and your
RADIUS server is configured to use PAP, you can strengthen user authentication by assigning a strong
shared secret to the RADIUS server. Strong RADIUS shared secrets consist of random sequences of
uppercase and lowercase letters, numbers, and punctuation and are at least 22 keyboard characters
long. If possible, use a random character generation program to determine RADIUS shared secrets.
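
The following Python sketch is an added example, not part of the WatchGuard manual. It generates a shared secret that meets the length and character-class guidance above using a CSPRNG, and implements the RFC 2865 User-Password hiding that PAP relies on, where the shared secret keys the MD5 mask that hides the password in the Access-Request. The client names, the sample password, and the helper names are constructed for illustration.

```python
import hashlib
import secrets
import string

MIN_LEN = 22  # minimum length recommended in the text above
CLASSES = (string.ascii_uppercase, string.ascii_lowercase,
           string.digits, string.punctuation)

def generate_secret(length=MIN_LEN):
    """Return a random secret that contains all four character classes."""
    if length < MIN_LEN:
        raise ValueError("secret shorter than %d characters" % MIN_LEN)
    alphabet = "".join(CLASSES)
    while True:  # resample until every class is represented
        s = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(ch in cls for ch in s) for cls in CLASSES):
            return s

def hide_password(password, secret, authenticator):
    """RFC 2865 section 5.2 User-Password hiding (client side, PAP)."""
    if len(authenticator) != 16 or not 1 <= len(password) <= 128:
        raise ValueError("bad authenticator or password length")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ m for p, m in zip(padded[i:i + 16], mask))
        out += prev
    return out

def unhide_password(hidden, secret, authenticator):
    """Server side: recover the password using the same shared secret."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        mask = hashlib.md5(secret + prev).digest()
        block = hidden[i:i + 16]
        out += bytes(c ^ m for c, m in zip(block, mask))
        prev = block
    return out.rstrip(b"\x00")

def demo():
    # Constructed values: one secret per RADIUS client (hypothetical names).
    per_client = {gw: generate_secret().encode() for gw in ("gw-a", "gw-b")}
    ra = secrets.token_bytes(16)  # Request Authenticator
    hidden = hide_password(b"constructed-user-password", per_client["gw-a"], ra)
    return per_client, ra, hidden

if __name__ == "__main__":
    print(demo()[2].hex())  # hidden User-Password bytes for gw-a
```
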
To further protect RADIUS traffic, assign a different shared secret to each Firebox SSL VPN Gateway
appliance. When you define clients on the RADIUS server, you can also assign a separate shared secret to
each client. If you do this, you must configure separately each Firebox SSL VPN Gateway realm that uses