Using RSA SecurID for Authentication

8. To create the configuration file for the new or changed Agent Host, go to Agent Host > Generate Configuration Files.

The file that you generate (sdconf.rec) is what you will upload to the Firebox SSL VPN Gateway, as described in the next procedure.

Enable RSA SecurID authentication for the Firebox SSL VPN Gateway

You can use the following authorization types with RSA SecurID authentication:

RSA authorization

Local authorization

LDAP authorization

No authorization

To enable RSA SecurID authentication

1. Click the Authentication tab.

2. In Realm Name, type a name to identify the RSA ACE/Server. Realm names are case-sensitive and can contain spaces.

3. Select One Source and click Add.

Note

If you want the Default realm to use RSA authentication, remove the Default realm as described in “Changing the Authentication Type of the Default Realm” on page 65.

4. In the Select Authentication Type dialog box, in Authentication Type, select RSA SecurID Authentication.

5. Click OK.

A dialog box for the authentication realm opens.

6. To upload the sdconf.rec file that you generated in the previous procedure, on the Authentication tab, click Upload sdconf.rec file and use the dialog box to locate and upload the file.

The sdconf.rec file is typically written to ace\data\config_files and to windows\system32.

Note

If an invalid sdconf.rec file is uploaded to the Firebox SSL VPN Gateway, it might cause the Firebox SSL VPN Gateway to send out messages to non-existent IP addresses. This might be flagged in a network monitor as network spamming.

The file status message indicates whether or not an sdconf.rec file was uploaded. If one was uploaded and you need to replace it, click Upload sdconf.rec file and use the dialog box to locate and upload the file.

The first time that a client is successfully authenticated, the RSA ACE/Server writes some configuration files to the Firebox SSL VPN Gateway. If you subsequently change the IP address of the Firebox SSL VPN Gateway, click Remove ACE Configuration Files, restart when prompted, and then upload a new sdconf.rec file.

7. To use LDAP for authorization, click the Authorization tab and complete the settings.

For more information about LDAP settings, see “Using LDAP Servers for Authentication and Authorization” on page 73. For looking up LDAP server settings, see “Determining Attributes in your LDAP Directory” on page 78.

8. Click Submit.
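The note in step 6 warns that an invalid sdconf.rec file can make the gateway send messages to non-existent IP addresses. The following check is an added example, not part of the WatchGuard guide: it scans flow records for that symptom, assuming a gateway address, a set of ACE server addresses, and RSA's default authentication port (UDP 5500); the sample records are constructed.

```python
import csv
import io
from collections import defaultdict

# Constructed sample flow records (not from a real network).
SAMPLE_FLOWS = """\
src,dst,proto,dport,pkts_out,pkts_in
10.0.1.5,10.0.2.10,udp,5500,12,12
10.0.1.5,10.0.2.11,udp,5500,4,4
10.0.1.5,192.168.77.20,udp,5500,30,0
10.0.1.5,192.168.77.21,udp,5500,28,0
10.0.1.5,10.0.3.8,tcp,389,9,9
10.0.9.9,192.168.77.20,udp,5500,3,0
"""

GATEWAY_IP = "10.0.1.5"                    # assumed gateway address
ACE_SERVERS = {"10.0.2.10", "10.0.2.11"}   # assumed primary and replica servers
AUTH_PORT = 5500                           # assumed: RSA default auth port (UDP)


def stray_ace_destinations(flow_csv, gateway=GATEWAY_IP,
                           servers=ACE_SERVERS, port=AUTH_PORT):
    """Return {dst: (pkts_out, pkts_in)} for auth-port UDP flows sent by the
    gateway to addresses that are not known ACE servers."""
    totals = defaultdict(lambda: [0, 0])
    for row in csv.DictReader(io.StringIO(flow_csv)):
        if row["src"] != gateway or row["proto"].lower() != "udp":
            continue  # only the gateway's own UDP traffic matters here
        if int(row["dport"]) != port or row["dst"] in servers:
            continue  # ignore other ports and the legitimate servers
        totals[row["dst"]][0] += int(row["pkts_out"])
        totals[row["dst"]][1] += int(row["pkts_in"])
    return {dst: tuple(counts) for dst, counts in totals.items()}


def unanswered(strays):
    """Destinations that never replied: the symptom the note describes."""
    return sorted(dst for dst, (sent, recv) in strays.items()
                  if sent > 0 and recv == 0)


if __name__ == "__main__":
    strays = stray_ace_destinations(SAMPLE_FLOWS)
    for dst in unanswered(strays):
        print(f"gateway -> {dst}: {strays[dst][0]} packets, no replies; "
              "check the uploaded sdconf.rec")
```

If this reports unanswered destinations after an upload, regenerate sdconf.rec on the RSA ACE/Server and replace the file on the gateway as described in step 6.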

Administration Guide

81


SSL VPN specifications

WatchGuard Technologies offers a robust SSL VPN solution designed for secure remote access to corporate networks. As businesses increasingly rely on a remote workforce, the need for secure and reliable connectivity has never been more critical. WatchGuard's SSL VPN features advanced security technologies that ensure data integrity and confidentiality while enabling seamless access to applications and resources.

One of the standout features of WatchGuard's SSL VPN is its user-friendly interface. The solution is designed to simplify the user experience, enabling employees to connect to the VPN with minimal complexity. With a straightforward setup process, users can quickly establish secure connections from various devices, including laptops, smartphones, and tablets. This flexibility supports a diverse workforce, allowing employees to work from different locations without compromising security.

In addition to its ease of use, WatchGuard's SSL VPN is built on robust security technologies. It employs end-to-end encryption to safeguard data in transit, ensuring that only authorized users can access sensitive information. By utilizing SSL (Secure Sockets Layer) protocols, the VPN creates a secure tunnel between the user’s device and the corporate network, protecting against potential threats such as eavesdropping or man-in-the-middle attacks.

Moreover, WatchGuard Technologies includes multiple authentication options, adding another layer of security. The solution supports multi-factor authentication (MFA), requiring users to provide additional verification beyond just a password. This could involve mobile device verification or biometric authentication, significantly reducing the risk of unauthorized access.

Another key characteristic of WatchGuard’s SSL VPN is its integration with other WatchGuard security solutions. Businesses can benefit from a comprehensive security posture by leveraging firewalls and intrusion prevention systems along with the SSL VPN. This holistic approach ensures that remote connections are continually monitored and secured against evolving cyber threats.

Scalability is also a crucial aspect of WatchGuard's SSL VPN, accommodating growing organizations with changing needs. The solution can easily scale to support an increasing number of remote users without compromising performance. With robust performance metrics, businesses can ensure that even during peak usage times, the VPN remains responsive and reliable.

In summary, WatchGuard Technologies' SSL VPN solution combines ease of use, robust security, flexible authentication, and scalability. These features make it an ideal choice for organizations seeking to provide secure remote access to their employees while maintaining a strong defense against cyber threats. With WatchGuard, businesses can confidently navigate the challenges of a digital landscape, ensuring their network remains secure as they embrace remote work.