Table of Contents
Advertisement
Network and Security Manager Administration Guide
Configuring General Authentication Server Settings
Configuring Authentication Server Redundancy
396
NOTE: You must also define routes that direct authentication requests to
the RADIUS, SecurID, and LDAP servers.
To configure general authentication server object properties, in the main navigation tree,
select Object Manager > Authentication Servers then click the Add icon. The General,
Redundancy, and Identity tabs are the same for all server types; in the Server Type tab,
select the authentication server type (RADIUS, SecureID, LDAP) to configure specific
settings for that server type.
In the General tab, configure a name, color, and comment that uniquely identify the
object, then specify the IP address of the main authentication server; this is the IP address
of the server that handles authentication requests.
You can also configure an authentication timeout (default is 10 minutes) to control the
number of minutes before an authentication check times out. Timeouts affect the
following user types differently:
Auth user—The timeout countdown begins after the first authenticated session
completes. If users initiate a new session before the countdown reaches the timeout
threshold, they do not need to reauthenticate and the timeout countdown resets. The
default timeout value is 10 minutes, and the maximum is 255 minutes. You can also
set the timeout value at 0 so that the authentication period never times out.
Admin user—If the length of idle time reaches the timeout threshold, the security device
terminates the administrator session. To continue managing the device, the
administrator must reconnect to the device and re authenticate. The default timeout
value is 10 minutes, and the maximum is 1000 minutes. You can also set the timeout
value at 0 so that an administrator session never times out.
NOTE: User authentication timeout is not the same as session idle timeout.
If no activity occurs in a session for a predefined length of time, the security
device automatically removes the session from its session table.
In the Redundancy tab, you can configure backup server to handle authentication requests
if the primary server fails. For RADIUS servers only, you can also configure a secondary
backup server (this option is not supported for SecureID servers).
For RADIUS and LDAP servers only, you can configure a Failover Revert Interval that
determines how long the device uses a backup server before attempting to use the
primary server again. To configure the interval, enter the number of seconds (1 to 86400);
to disable the failover revert, set the interval to 0 (the device continues to use the backup
server indefinitely). The interval countdown begins when the device fails over from the
primary auth server to the backup or secondary backup server (RADIUS only).
Copyright © 2010, Juniper Networks, Inc.
Advertisement
Table of Contents
