ProSecure Unified Threat Management (UTM) Appliance Reference Manual

4.Complete the fields, select the radio buttons, and make your selections from the pull-down menus as explained Table 7-13.

Table 7-13.Extended Authentication Settings

Item

Description (or Subfield and Description)

 

 

Select one of the following radio buttons to specify whether or not Extended Authentication (XAUTH) is enabled, and–if enabled–which device is used to verify user account information:

None. XAUTH is disabled. This the default setting.

Edge Device. The UTM functions as a VPN concentrator on which one or more gateway tunnels terminate. The authentication mode that is available for this configuration is User Database, RADIUS PAP, or RADIUS CHAP.

IPSec Host. The UTM functions as a VPN client of the remote gateway. In this configuration the UTM is authenticated by a remote gateway with a user name and password combination.

Authentication

For an Edge Device configuration: from the pull-down menu, select one of the

Type

following authentication types:

 

User Database. XAUTH occurs through the UTM’s user database. Users must be

 

added through the Add User screen (see “User Database Configuration” on

 

page 7-40).

 

Radius PAP. XAUTH occurs through RADIUS Password Authentication Protocol

 

(PAP). The local user database is first checked. If the user account is not present

 

in the local user database, the UTM connects to a RADIUS server. For more

 

information, see “RADIUS Client Configuration” on page 7-40.

 

Radius CHAP. XAUTH occurs through RADIUS Challenge Handshake

 

Authentication Protocol (CHAP). For more information, see “RADIUS Client

 

Configuration” on page 7-40.

Username

The user name for XAUTH.

 

 

Password

The password for XAUTH.

 

 

5.Click Apply to save your settings.

User Database Configuration

When XAUTH is enabled in an Edge Device configuration, users must be authenticated either by a local user database account or by an external RADIUS server. Whether or not you use a RADIUS server, you might want some users to be authenticated locally. These users must be added to the List of Users table on the Users screen, as described in “Configuring User Accounts” on page 9-9.

RADIUS Client Configuration

Remote Authentication Dial In User Service (RADIUS, RFC 2865) is a protocol for managing authentication, authorization, and accounting (AAA) of multiple users in a network. A RADIUS server stores a database of user information, and can validate a user at the request of a gateway or

7-40

Virtual Private Networking Using IPsec Connections

v1.0, January 2010

Page 252
Image 252
NETGEAR UTM50-100NAS, UTM5-100NAS manual User Database Configuration, Radius Client Configuration