WatchGuard Technologies SSL VPN manual To enable RSA SecurID authentication, Configuration Files

Models: SSL VPN


Using RSA SecurID for Authentication

8. To create the configuration file for the new or changed Agent Host, go to Agent Host > Generate Configuration Files.

The file that you generate (sdconf.rec) is what you will upload to the Firebox SSL VPN Gateway, as described in the next procedure.

Enable RSA SecurID authentication for the Firebox SSL VPN Gateway

You can use the following authorization types with RSA SecurID authentication:

RSA authorization

Local authorization

LDAP authorization

No authorization

To enable RSA SecurID authentication

1. Click the Authentication tab.

2. In Realm Name, type a name to identify the RSA ACE/Server. Realm names are case-sensitive and can contain spaces.

3. Select One Source and click Add.

Note

If you want the Default realm to use RSA authentication, remove the Default realm as described in “Changing the Authentication Type of the Default Realm” on page 65.

4. In the Select Authentication Type dialog box, in Authentication Type, select RSA SecurID Authentication.

5. Click OK.

A dialog box for the authentication realm opens.

6. To upload the sdconf.rec file that you generated in the previous procedure, on the Authentication tab, click Upload sdconf.rec file and use the dialog box to locate and upload the file.

The sdconf.rec file is typically written to ace\data\config_files and to windows\system32.

Note

If an invalid sdconf.rec file is uploaded to the Firebox SSL VPN Gateway, it might cause the Firebox SSL VPN Gateway to send out messages to non-existent IP addresses. This might be flagged in a network monitor as network spamming.

The file status message indicates whether or not an sdconf.rec file was uploaded. If one was uploaded and you need to replace it, click Upload sdconf.rec file and use the dialog box to locate and upload the file.

The first time that a client is successfully authenticated, the RSA ACE/Server writes some configuration files to the Firebox SSL VPN Gateway. If you subsequently change the IP address of the Firebox SSL VPN Gateway, click Remove ACE Configuration Files, restart when prompted, and then upload a new sdconf.rec file.

7. To use LDAP for authorization, click the Authorization tab and complete the settings.

For more information about LDAP settings, see “Using LDAP Servers for Authentication and Authorization” on page 73. For looking up LDAP server settings, see “Determining Attributes in your LDAP Directory” on page 78.

8. Click Submit.

Administration Guide
