WatchGuard Technologies SSL VPN Configuring NTLM Authorization, To configure NTLM authorization

Models: SSL VPN


Using RSA SecurID for Authentication

Note: When 0 (zero) is entered as the port, the Access Gateway attempts to automatically detect a port number for this connection.

8. In Time-out (in seconds), enter the number of seconds within which the authentication attempt must complete. If the authentication does not complete within this time interval, it fails.

9. Click Submit.

Configuring NTLM Authorization

A Windows NT 4.0 domain controller maintains group accounts. A group account is a collection of individual user domain accounts (and other accounts).

To configure NTLM authorization, you click the Authorization tab in the authentication realm and enter the address and port that the Firebox SSL VPN Gateway uses to connect to the Windows NT 4.0 domain controller. You also specify a time-out value in which an authorization attempt to the Windows NT server must complete.

After a user successfully authenticates, the domain controller returns to the Firebox SSL VPN Gateway a list of all global groups of which the authenticated user is a member.

The Firebox SSL VPN Gateway then looks for a user group name on the Firebox SSL VPN Gateway that matches the name of a Windows NT 4.0 global group to which the user belongs. If the Firebox SSL VPN Gateway finds a match, the user is granted the authorization privileges to the internal networks that are associated with the user group on the Firebox SSL VPN Gateway.
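Because access depends entirely on a gateway user group name matching a global group name, a misspelled group silently yields no privileges. The following is an added example, not code from the manual or from WatchGuard, that models the matching step and audits names for near misses. It assumes the comparison is exact (the manual does not say whether it is case-sensitive) and that a user matching several groups receives the union of their networks; all group names and networks are constructed sample data.

```python
# Added example: models the group-name matching step described above.
# Assumption: names are compared exactly; the manual does not state
# whether the gateway's comparison is case-sensitive.

def normalize(name):
    """Fold case and collapse whitespace so near misses can be detected."""
    return " ".join(name.split()).casefold()

def matched_groups(nt_global_groups, gateway_groups):
    """Gateway user groups whose names exactly equal one of the user's global groups."""
    returned = set(nt_global_groups)
    return [g for g in gateway_groups if g in returned]

def effective_networks(nt_global_groups, gateway_policy):
    """Networks granted to a user (union over multiple matches is an assumption)."""
    nets = set()
    for group in matched_groups(nt_global_groups, gateway_policy):
        nets.update(gateway_policy[group])
    return sorted(nets)

def audit_names(domain_groups, gateway_groups):
    """Classify each gateway group as exact match, near miss, or unmatched."""
    exact = set(domain_groups)
    folded = {}
    for d in domain_groups:
        folded.setdefault(normalize(d), []).append(d)
    report = {"exact": [], "near_miss": [], "unmatched": []}
    for g in gateway_groups:
        if g in exact:
            report["exact"].append(g)
        elif normalize(g) in folded:
            # Same name apart from case or spacing: likely a typo on the gateway.
            report["near_miss"].append((g, folded[normalize(g)]))
        else:
            report["unmatched"].append(g)
    return report

# Constructed sample data (not from the manual).
GATEWAY_POLICY = {
    "VPN-Engineering": ["10.10.20.0/24"],
    "vpn-finance": ["10.10.30.0/24"],
    "VPN-Contractors": ["10.10.40.0/24"],
}
DOMAIN_GLOBAL_GROUPS = ["Domain Users", "VPN-Engineering", "VPN-Finance"]

if __name__ == "__main__":
    print(audit_names(DOMAIN_GLOBAL_GROUPS, GATEWAY_POLICY))
    print(effective_networks(["Domain Users", "VPN-Finance"], GATEWAY_POLICY))
```

Near misses and unmatched entries are the ones to review: under the exact-match assumption, a user in `VPN-Finance` receives nothing from the gateway group `vpn-finance`.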

To configure NTLM authorization

1. Click the Authentication tab and open the authentication realm for which you want to enable NTLM authorization.

2. Click the Authorization tab.

3. In Authorization type, select NTLM authorization.

4. In Server IP Address or FQDN, type the FQDN or IP address of the Windows NT 4.0 domain controller that will perform the NTLM authorization.

5. In Server Port, type the port number.

The default port entry for NTLM authentication connections is 139.

Note: When 0 (zero) is entered as the port, the Firebox SSL VPN Gateway attempts to automatically detect a port number for this connection.

6. In Timeout (in seconds), enter the number of seconds within which the authorization attempt must complete before the authentication attempt is abandoned.

7. Click Submit.

Configuring Authentication to use One-Time Passwords

If authentication on the Firebox SSL VPN Gateway is configured to use a one-time password with RADIUS, such as one provided by an RSA SecurID token, the Firebox SSL VPN Gateway attempts to reauthenticate users using the cached password. This occurs when changes are made to the Firebox SSL VPN Gateway using the Administration Tool or if the connection between the Secure Access Client and the Firebox SSL VPN Gateway is interrupted and then restored.
