Chapter 9 Authentication
STEP 1
STEP 2
STEP 3
STEP 4
A user logs on to the device to gain access to network resources.
To access network services through the device Firewall, the user opens up a standard Web browser and logs in using the LAN IP address of the device via HTTPS.
When prompted, the user enters a username and password.
The device authenticates the user (checks that the user is listed in the database and that the username and password are correct). Two methods are available for user authentication:
•Using a RADIUS authentication server. The preferred method, for large networks.
•Using the local X family database. This can be used if no RADIUS server is available, typically for small networks.
If no matching username and password can be located in the database, the firewall denies the login request.
If a matching user is found, the firewall applies the privileges associated with the privilege group to which the user belongs.
When a user requests a network service in another security zone, the device applies the relevant firewall rule for the type of service or application being requested:
If a firewall rule is restricted to authenticated users and the user requesting the service is not in a privilege group that requires Firewall Rule Authentication, firewall rule matching skips to the next firewall rule in the table looking for a match.
For more detailed information on user authentication, refer to the Concepts Guide.
RADIUS
The X family supports user authentication via Remote Authentication
(RADIUS). Radius authentication may be used in place of the embedded user database within TOS, and may be used for all authenticated access for Local Users.
The following activities may be authenticated using RADIUS:
•VPN client dialup
•
•Internet access
•Web filtering bypass
You can view and manage the RADIUS configuration parameters from the RADIUS page (Authentication > Radius).
Configure RADIUS
STEP 1
STEP 2
STEP 3
From the LSM menu, select Authentication > RADIUS.
On the RADIUS page, check Enable RADIUS authentication to use remote user authentica- tion.
To specify the activities managed by RADIUS authentication, check User Authentication and/or VPN Client Access.
252 X Family LSM User’s Guide V 2.5.1