Configuring SecurID authentication – WatchGuard Technologies Firebox™ System 4.6 User Manual


VPN Manager Guide


8 Enter the value of the shared secret between the Firebox and the CRYPTOCard server.

This is the key or client key in the “Peers” file on the CRYPTOCard server. This key is case sensitive and must be identical on the Firebox and the CRYPTOCard server for CRYPTOCard authentication to work.

9 Click OK.

The Member Access and Authentication Setup dialog box closes, and the new authentication settings are saved.

10 Gather the IP address of the Firebox and the user or group aliases to be authenticated via CRYPTOCard. The aliases appear in the “From” and “To” listboxes in the individual services’ Properties dialog boxes.

On the CRYPTOCard server:

1 Add the IP address of the Firebox where appropriate according to CRYPTOCard’s instructions.

2 Take the user or group aliases from the service properties listboxes and add them to the group information in the CRYPTOCard configuration file. Only one group can be associated with each user.

For more information, consult the CRYPTOCard server documentation.

Configuring SecurID authentication

For SecurID authentication to work, the RADIUS and ACE/Server servers must first
be correctly configured. In addition, users must have a valid SecurID token and PIN
number. Please see the relevant documentation for these products.

From Policy Manager:

1 Select Setup => Authentication.

The Member Access and Authentication Setup dialog box appears.

2 Under Authentication Enabled Via, click the SecurID Server option.

3 Click the SecurID Server tab.

You might need to use the arrow buttons in the upper-right corner of the dialog box to bring this tab into view.

4 Enter the IP address of the SecurID server.

5 Enter or verify the port number used for SecurID authentication.

The default is 1645.

6 Enter the value of the secret shared between the Firebox and the SecurID server.

The shared secret is case sensitive and must be identical on the Firebox and the SecurID server.

The filter rules for CRYPTOCard user Filter-IDs are case-sensitive.

WatchGuard does not support the third-party program Steel Belted RADIUS for use with SecurID. Customers should use the RADIUS program bundled with the RSA SecurID software.
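Why a shared secret that differs only in letter case breaks authentication (step 6 above), as an added example that is not from the WatchGuard manual or product code. It assumes the Firebox-to-SecurID exchange follows standard RADIUS as defined in RFC 2865, which the page implies but does not spell out; the secrets and passcode are constructed sample values.

```python
import hashlib
import hmac
import os
import struct

def hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """RFC 2865 section 5.2: XOR the padded password with an MD5 keystream."""
    size = max(16, (len(password) + 15) // 16 * 16)
    padded = password.ljust(size, b"\x00")
    out, prev = b"", request_auth
    for i in range(0, size, 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out += prev  # each ciphertext block keys the next one
    return out

def recover_password(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Server side: undo hide_password using the server's copy of the secret."""
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        out += bytes(a ^ b for a, b in zip(hidden[i:i + 16], key))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def response_authenticator(code, ident, attrs, request_auth, secret) -> bytes:
    """RFC 2865 section 3: MD5(Code+ID+Length+RequestAuth+Attributes+Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()

def simulate(client_secret: bytes, server_secret: bytes, passcode: bytes):
    """Return (server recovers the passcode, client accepts the reply)."""
    request_auth = os.urandom(16)
    hidden = hide_password(passcode, client_secret, request_auth)
    seen = recover_password(hidden, server_secret, request_auth)
    # The server signs an Access-Accept (code 2) with its own secret;
    # the client recomputes the digest with the secret it was given.
    reply = response_authenticator(2, 1, b"", request_auth, server_secret)
    expected = response_authenticator(2, 1, b"", request_auth, client_secret)
    return seen == passcode, hmac.compare_digest(reply, expected)

if __name__ == "__main__":
    passcode = b"1234567890"  # constructed PIN + tokencode
    print("identical secrets:", simulate(b"FireboxSecret", b"FireboxSecret", passcode))
    print("case mismatch:    ", simulate(b"FireboxSecret", b"fireboxsecret", passcode))
```

With a case mismatch the server decodes a garbage passcode and the client cannot validate any reply, so the symptom is a rejected or silently dropped login rather than an explicit "wrong secret" error.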
