WatchGuard Technologies SSL VPN manual

Models: SSL VPN


Scenario 1: Configuring LDAP Authentication and Authorization

Creating an LDAP Authentication and Authorization Realm

Creating an LDAP authentication and authorization realm is the second of five procedures the administrator performs to configure access to the internal network resources in this scenario. In this scenario, all of the Sales and Engineering users are listed in a corporate LDAP directory.

To authenticate users listed in an LDAP directory, the administrator must create an authentication realm that supports LDAP authentication.

To authorize users listed in LDAP directory groups to access the internal network resources, the administrator selects LDAP Authorization as the authorization type of the realm.

Because all of the users authenticate to the LDAP directory, the administrator sets up the Default authentication realm to support LDAP authentication and authorization.

To set up the Default realm to support LDAP authentication, the administrator first deletes the existing Default realm and then immediately creates a new Default realm that supports LDAP authentication. This new realm includes the address, port, and other LDAP directory information that the Firebox SSL VPN Gateway needs to connect to the LDAP directory server and resolve searches for names in the directory.

Note

The existing Default realm on the Firebox SSL VPN Gateway is configured for local authentication. By deleting the existing Default realm and creating a new Default realm for LDAP, the administrator simplifies the logon process for the end user. Users who authenticate using the Default realm do not need to enter the realm name as part of their logon credentials. For more information about realms, authentication, and authorization, see “Configuring Authentication and Authorization” on page 61.

To complete this procedure, the administrator must have available the LDAP directory information gathered in the procedure “Collecting the LDAP Directory Information” on page 162 in the previous task.

To delete the existing Default realm and create a new Default realm that supports LDAP authentication and authorization:

1. In the Firebox SSL VPN Gateway Administration Tool, click the Authentication tab.

2. Open the window for the Default realm.

3. On the Action menu, select Remove "Default" realm. A warning message appears.

4. Click Yes.

5. In Realm Name, type Default.

6. Select One Source and click Add.

7. At Select Authentication Type, select LDAP authentication and then click OK. The new Default realm window opens.

8. In the Authentication tab of the new Default realm window, complete the fields that enable the Firebox SSL VPN Gateway to access the LDAP server. (Use the information gathered in the procedure “Collecting the LDAP Directory Information” on page 162 in the previous task to complete these fields.)

9. Select the Authorization tab.

10. In Authorization type, select LDAP authorization.

11. In the Authorization tab, complete the fields that enable the Firebox SSL VPN Gateway to access the LDAP server.

12. Click Submit.

For more information about creating realms, see “Creating Additional Realms” on page 66.
