Configuring Double-Source Authentication; To Create And Configure A Double-Source Authentication Realm - Watchguard SSL 1000 User Manual
Vpn gateway
Hide thumbs
Also See for SSL 1000:
- Setup manual (6 pages) ,
- Hardware manual (31 pages) ,
- Quick reference manual (2 pages)
Table of Contents
Advertisement
You can prevent the storage of one-time passwords in cache, which forces the user to enter their cre-
dentials again.
To prevent caching of one-time passwords
1
In the Administration Tool, click the Authentication tab.
2
Open the authentication realm that uses the one-time password.
3
Select Use the password one time and click Submit.
Configuring Double-Source Authentication
The Firebox SSL VPN Gateway supports double-source authentication. On the Authentication tab, you
can configure two types of authentication, such as LDAP and RSA SecurID for one realm. When users log
on to the Firebox SSL VPN Gateway using a Web browser, and double-source authentication is config-
ured, they are redirected automatically to a logon Web portal page. There, they type in their user name
and passwords for each type of authentication. If they are using the Secure Access Client to log on, the
Secure Access dialog box appears requesting the same information as the Web page.
There can be a mix of double-source authentication realms. For example, you can have one or more
realms for single authentication and then have one or more realms configured for double-source
authentication. In a mixed authentication environment, when users log on using either the Web
browser or Secure Access Client, they will see two password fields. If they are logging on using only one
authentication method, the second password field is left blank.
For more information about logging on using the Web-based portal page, see "Double-source Authen-
tication Portal Page" on page 43.
To create and configure a double-source authentication realm
1
On the Authentication tab, click Authentication.
2
In Realm Name, type a name.
3
Select Two Source and then click Add.
4
In the Select Authentication Type dialog box, select the authentication types in Primary
Authentication Type and Secondary Authentication Type.
Click Add.
5
6
On the Primary Authentication tab, configure the settings for the first authentication type and
click Submit.
7
On the Secondary Authentication tab, configure the settings for the second authentication type
and click Submit.
8
On the Authorization tab, in Authorization Type, select the authorization type you want to use,
configure the settings, and click Submit.
Double-source authentication works in reverse of how it is configured on the Firebox SSL VPN Gateway.
For example, if you configured RSA SecurID on the Secondary Authentication tab and LDAP on the
Primary Authentication tab, when users log on, they type their LDAP password in the first password
field and the RSA SecurID personal identification number (PIN) and passcode in the second password
field. When users click Connect, the Firebox SSL VPN Gateway authenticates using the RSA SecureID PIN
Administration Guide
Configuring Double-Source Authentication
85
Advertisement
Table of Contents
Troubleshooting
