RSA Security 1.6.3 manual: Partner ACE/Agent configuration, Client-initiated authentication

Models: 1.6.3

5. Partner ACE/Agent configuration


Supported authentication types with RSA SecurID product

Client-initiated authentication

Client-initiated authentication means that the user starts the authentication process. It can be done with either of two tools: the Authentication Client software (part of the StoneGate VPN Client software), or Telnet, connecting to the firewall cluster on port 2543.

With client-initiated authentication it is possible to authorize the client's IP address for a period of time. It is also possible to authorize the next connection opened from the client. The authorization part is specified in the access rule base.

Firewall-initiated authentication

Firewall-initiated authentication means that the firewall cluster starts the authentication process. It can be used only with the Authentication Client software. This software is part of StoneGate VPN Client software.

In firewall-initiated authentication the firewall makes the connection to the client. This requires that the client is reachable from the firewall, e.g. there can't be NAT between the firewall engine and the client.

With firewall-initiated authentication it is also possible to authorize either the client's IP address or the current connection.

No software other than the StoneGate Management system and the StoneGate firewall engine is required to support client-initiated authentication, though the Authentication Client software included in the StoneGate VPN Client can be used.

For firewall-initiated authentication support, the StoneGate Authentication Client software MUST be used.
