Configuring RADIUS server authentication – WatchGuard Technologies Firebox™ System 4.6 User Manual


VPN Manager Guide


2. Under Authentication Enabled Via, click the NT Service option.

   WatchGuard activates the Windows NT Server controls.

3. Click the Windows NT Server tab.

4. To identify the host, either:

   - Enter both the host name and the IP address of the Windows NT network.

   - Enter the host name. Click Find IP.

5. Enable or clear the checkbox labeled Use Local Groups.

   Enable the checkbox to use the local groups on the authentication host; clear it to use the global groups on the authentication host. Consult your Windows NT documentation for details.

6. Click Test to ensure the integrity of the host name and IP address.

   WatchGuard searches the network for a matching server. If it finds one, it adds it to the listbox on this tab. If the cursor returns and the listbox remains blank, your host name or IP address is incorrect, or the designated server is either not a Windows NT 4.0 server or is currently unavailable for some reason. This functionality is not supported on Windows 95 or Windows 98 machines.

7. Click OK.

Configuring RADIUS server authentication

The Remote Authentication Dial-In User Service (RADIUS) provides remote users
with secure access to corporate networks. RADIUS is a client-server system that
stores authentication information for users, remote access servers, and VPN gateways
in a central user database that is available to all servers. Authentication for the entire
network happens from one location.

To add or remove services accessible by RADIUS-authenticated users, add the
RADIUS user or group in the individual service properties dialog box, and add the IP
address of the Firebox on the RADIUS authentication server.

Although WatchGuard supports both CHAP and PAP authentication, CHAP is
considered more secure.

From Policy Manager

1. Select Setup => Authentication.

   The Member Access and Authentication Setup dialog box appears.

2. Under Authentication Enabled Via, click the RADIUS Server option.

3. Click the RADIUS Server tab.

4. Enter the IP address of the RADIUS server.

5. Enter or verify the port number used for RADIUS authentication.

   The default is 1645. (RFC 2138 states the port number as 1812, but many RADIUS servers still use port number 1645.)

6. Enter the value of the secret shared between the Firebox and the RADIUS server.

   The shared secret is case sensitive and must be identical on the Firebox and the RADIUS server.

7. Click OK.
