How Local User Authentication Works: RADIUS, Privilege Groups and X.509 Certificates

You may choose to use RADIUS for VPN clients only, or to use it for both User Authentication and VPN Client Access.

STEP 4 In the Radius Server Setup table:

STEP A Type the Server Timeout value (between 1 and 30).

If no response is received from the RADIUS server, this value defines the time in seconds before the X family attempts to reconnect.

STEP B Type the Server Retries value (between 1 and 10).

This defines the number of times the X family will attempt to connect to the

RADIUS server.

STEP 5

STEP 6

For the Primary and Secondary RADIUS Servers, type:

Address — the IP/DNS address of the RADIUS server.

Port — the UDP port number on the RADIUS server where you want X family to send the authentication requests. The default port number is 1812.

Shared Secret — the password (between 8 and 128 characters) that you want the X family and RADIUS server to use for communicating with each other.

Authentication Method — the protocol for authentication either PAP (Password Authentication Protocol) or CHAP (Challenge Handshake Authentication Protocol).

If the RADIUS server has not been configured with a Privilege Group attribute (Vendor Specific Attribute or VSA), select the Default Privilege Group to be assigned from the drop- down list.

STEP 7 Click Apply.

Privilege Groups

Privilege Groups allow you to setup access rights to specific services on the network that can then be enforced Firewall rules.

The types of global privileges that can be enabled for users within a group are:

VPN client access

Firewall rule authentication

Web filter bypass

The Privilege Group is a component of the local user database entries or retrieved from RADIUS via a Vendor Specific Attribute (VSA). (For more information, see “RADIUS” on page 252.) The device supports up to 100 Privilege Groups.

You can manage and configure from the Privilege Groups page. From this page you can:

View currently configured Privilege Groups

Delete a Privilege Group

Create Privilege Groups

X Family LSM User’s Guide V 2.5.1

253