Alcatel-Lucent VPN Firewall Brick™ Security Appliance
Firewall Authentication
Firewall authentication is provided through HTTP or HTTPS access from a web browser,
using a two-step authentication procedure. First, the end user accesses a preconfigured IP
address (the Virtual Brick Address of the associated Virtual Firewall) from his web
browser. The Brick then provides a generic username/password web page. Upon
successful authentication, the user is informed of his required reauthentication interval
and is allowed to pass traffic, subject to the configured firewall policy. Note that this
process allows any protocol to be authenticated, even if the protocol itself doesn't support
an authentication mechanism.
Additionally, it is possible to configure, via policy, a set of rules that forces any
unauthenticated outbound HTTP or HTTPS traffic to be redirected to the authentication
server, so that users need not have a priori knowledge of the authentication address.
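The decision flow described in this section, modeled as an added example (this is not Alcatel-Lucent code or Brick configuration syntax). It shows how a web login can gate a protocol that has no authentication of its own, and what happens when the reauthentication interval lapses. The session table keyed by source IP, the action names, the addresses, and the drop of unauthenticated non-web traffic are assumptions of the model.

```python
from dataclasses import dataclass, field

WEB_PORTS = {80, 443}  # HTTP and HTTPS, the only traffic that can be redirected


@dataclass
class AuthGate:
    """Toy model of an authentication-gated virtual firewall (hypothetical)."""
    auth_addr: str        # authentication address of the virtual firewall (constructed)
    reauth_interval: int  # seconds a successful login stays valid
    group_policy: dict    # user group -> set of (dst_ip, dst_port) allowed by policy
    sessions: dict = field(default_factory=dict)  # src_ip -> (group, expires_at)

    def login(self, src_ip, group, now):
        """Record a successful username/password login; return the interval shown to the user."""
        self.sessions[src_ip] = (group, now + self.reauth_interval)
        return self.reauth_interval

    def decide(self, src_ip, dst_ip, dst_port, now):
        """Return the action for one outbound connection attempt."""
        # The login page itself must be reachable before authentication.
        if dst_ip == self.auth_addr and dst_port in WEB_PORTS:
            return "pass-to-auth"
        session = self.sessions.get(src_ip)
        # A lapsed reauthentication interval puts the host back in the
        # unauthenticated state until the user logs in again.
        if session is not None and now >= session[1]:
            del self.sessions[src_ip]
            session = None
        if session is None:
            # Only web traffic can be steered to the login page; anything
            # else from an unauthenticated host is dropped (model assumption).
            return "redirect-to-auth" if dst_port in WEB_PORTS else "drop"
        group, _ = session
        # Authentication alone is not enough: firewall policy still applies.
        allowed = self.group_policy.get(group, set())
        return "pass" if (dst_ip, dst_port) in allowed else "drop"


if __name__ == "__main__":
    # Constructed sample: group "eng" may reach one SSH server.
    gate = AuthGate("192.0.2.1", 600, {"eng": {("198.51.100.10", 22)}})
    print(gate.decide("10.0.0.5", "198.51.100.10", 22, now=0))   # before login
    gate.login("10.0.0.5", "eng", now=0)
    print(gate.decide("10.0.0.5", "198.51.100.10", 22, now=100)) # after login
    print(gate.decide("10.0.0.5", "198.51.100.10", 22, now=600)) # interval lapsed
```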
VPN Client User Authentication
VPN Client User Authentication is provided via one of the supported IPSec client
software packages, installed on the user's workstation. This software provides IPSec-tunneled
traffic from the user's workstation to the Brick device. Part of the tunnel establishment
procedure involves authenticating the user; once authenticated, the tunnel is
established, but the user may only access resources specifically granted to his user group.
Note that each Virtual Firewall can have its own Tunnel End Point, for true Virtual
Firewall independence.
260-100-022R9.4
Issue 1, June 2009