Authentication Server Types
User Guide 131
Enabling remote authentication
Use this procedure to allow remote users to authenticate from the
External interface, which gives them access to services through the
Firebox.
1 In the Services Arena in Policy Manager, double-click the
wg_authentication service icon.
2 On the Incoming tab, select Enabled and Allowed.
3 Under the From box, click Add.
4 Click Add Under and add the IP addresses of the remote users you
are allowing to authenticate externally.
Authentication Server Types
The WatchGuard Firebox System can authenticate users against any of
five authentication server types:
• A built-in authentication server on the Firebox
• NT primary domain controllers
• RADIUS-compliant authentication servers
• CRYPTOCard authentication servers
• SecurID authentication servers
The differences among the various authentication schemes are essentially
transparent to the user; the user performs many or all of the same tasks to
authenticate against any of the five types of authentication.
The difference for the Firebox administrator is that for built-in
authentication, the database of usernames, passwords, and groups are
stored on the Firebox itself. In all other cases, the usernames, passwords,
and groups are stored on the server performing the authentication.
When the Firebox is not the authentication server, you must set up the
authentication server according to the manufacturer’s instructions and
place it on the network in a location accessible to the Firebox. It is best
placed on the Trusted side for security reasons.
Kommentare zu diesen Handbüchern