Using RADIUS Servers for Authentication and Authorization

To specify RADIUS server authentication

1. Click the Authentication tab.

2. In Realm Name, type a name for the authentication realm that you will create, select One Source, and then click Add.

If your site has multiple authentication realms, use a name that identifies the RADIUS realm for which you will specify settings. Realm names are case-sensitive and can contain spaces.

Note

If you want the Default realm to use RADIUS authentication, remove the Default realm as described in “Changing the Authentication Type of the Default Realm” on page 65.

3. In Select Authentication Type, choose RADIUS Authentication and click OK.

The dialog box for the authentication realm opens.

4. In Server IP Address, type the IP address of the RADIUS server.

5. In Server Port, type the port number. The default port number is 1812.

6. In Server Secret, type the RADIUS server secret.

The server secret is configured manually on the RADIUS server and on the Firebox SSL VPN Gateway.

7. If you use a secondary RADIUS server, enter its IP address, port, and server secret.

Note

Make sure you use a strong shared secret. A strong shared secret is one that is at least eight characters and includes a combination of letters, numbers, and symbols.

To configure RADIUS authorization

1. Click the Authorization tab and in Authorization Type, select RADIUS Authorization.

You can use the following authorization types with RADIUS authentication:

RADIUS authorization

Local authorization

LDAP authorization

No authorization

2. Complete the settings using the attributes defined in IAS.

For more information about the values for these fields, see “To configure Microsoft Internet Authentication Service for Windows 2000 Server” on page 70.

3. Click Submit.

Choosing RADIUS Authentication Protocols

The Firebox SSL VPN Gateway supports implementations of RADIUS that are configured to use the Password Authentication Protocol (PAP) for user authentication. Other authentication protocols such as the Challenge-Handshake Authentication Protocol (CHAP) are not supported.

If your deployment of Firebox SSL VPN Gateway is configured to use RADIUS authentication and your RADIUS server is configured to use PAP, you can strengthen user authentication by assigning a strong shared secret to the RADIUS server. Strong RADIUS shared secrets consist of random sequences of uppercase and lowercase letters, numbers, and punctuation and are at least 22 keyboard characters long. If possible, use a random character generation program to determine RADIUS shared secrets. To further protect RADIUS traffic, assign a different shared secret to each Firebox SSL VPN Gateway appliance. When you define clients on the RADIUS server, you can also assign a separate shared secret to each client. If you do this, you must configure separately each Firebox SSL VPN Gateway realm that uses
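Added example, not from the WatchGuard guide: it generates a shared secret that meets the 22-character guidance above and implements the RFC 2865 User-Password hiding that PAP uses, which shows that the shared secret is the only value protecting the password between gateway and RADIUS server. All function names are hypothetical, and the sample inputs in any call are constructed.

```python
import hashlib
import secrets
import string

# Classes the page names: uppercase, lowercase, numbers, punctuation.
CLASSES = (string.ascii_uppercase, string.ascii_lowercase,
           string.digits, string.punctuation)
MIN_LEN = 22  # minimum length the page recommends

def is_strong(secret: str) -> bool:
    """Check length and class coverage (cannot prove the value is random)."""
    return len(secret) >= MIN_LEN and all(
        any(ch in cls for ch in secret) for cls in CLASSES)

def generate_secret(length: int = 32) -> str:
    """Draw from the OS CSPRNG until every character class is present."""
    if length < MIN_LEN:
        raise ValueError(f"shared secret must be at least {MIN_LEN} characters")
    alphabet = "".join(CLASSES)
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if is_strong(candidate):
            return candidate

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def pap_hide(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous block)."""
    if not 1 <= len(password) <= 128 or len(authenticator) != 16:
        raise ValueError("password must be 1..128 bytes, authenticator 16 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        prev = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out += prev
    return out

def pap_reveal(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Inverse of pap_hide, as the RADIUS server does on receipt."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        out += _xor(hidden[i:i + 16], hashlib.md5(secret + prev).digest())
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")
```

Call `generate_secret()` once per gateway appliance so that each RADIUS client entry has its own value, as the paragraph above recommends.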


SSL VPN specifications

WatchGuard Technologies offers a robust SSL VPN solution designed for secure remote access to corporate networks. As businesses increasingly rely on a remote workforce, the need for secure and reliable connectivity has never been more critical. WatchGuard's SSL VPN features advanced security technologies that ensure data integrity and confidentiality while enabling seamless access to applications and resources.

One of the standout features of WatchGuard's SSL VPN is its user-friendly interface. The solution is designed to simplify the user experience, enabling employees to connect to the VPN with minimal complexity. With a straightforward setup process, users can quickly establish secure connections from various devices, including laptops, smartphones, and tablets. This flexibility supports a diverse workforce, allowing employees to work from different locations without compromising security.

In addition to its ease of use, WatchGuard's SSL VPN is built on robust security technologies. It employs end-to-end encryption to safeguard data in transit, ensuring that only authorized users can access sensitive information. By utilizing SSL (Secure Sockets Layer) protocols, the VPN creates a secure tunnel between the user’s device and the corporate network, protecting against potential threats such as eavesdropping or man-in-the-middle attacks.

Moreover, WatchGuard Technologies includes multiple authentication options, adding another layer of security. The solution supports multi-factor authentication (MFA), requiring users to provide additional verification beyond just a password. This could involve mobile device verification or biometric authentication, significantly reducing the risk of unauthorized access.

Another key characteristic of WatchGuard’s SSL VPN is its integration with other WatchGuard security solutions. Businesses can benefit from a comprehensive security posture by leveraging firewalls and intrusion prevention systems along with the SSL VPN. This holistic approach ensures that remote connections are continually monitored and secured against evolving cyber threats.

Scalability is also a crucial aspect of WatchGuard's SSL VPN, accommodating growing organizations with changing needs. The solution can easily scale to support an increasing number of remote users without compromising performance. With robust performance metrics, businesses can ensure that even during peak usage times, the VPN remains responsive and reliable.

In summary, WatchGuard Technologies' SSL VPN solution combines ease of use, robust security, flexible authentication, and scalability. These features make it an ideal choice for organizations seeking to provide secure remote access to their employees while maintaining a strong defense against cyber threats. With WatchGuard, businesses can confidently navigate the challenges of a digital landscape, ensuring their network remains secure as they embrace remote work.