Configuring cryptocard server authentication – WatchGuard Technologies FireboxTM System 4.6 User Manual

Page 100

Advertising
background image

Configuring CRYPTOCard server authentication

90

On the RADIUS Server

1

Add the IP address of the Firebox where appropriate according to the RADIUS
server vendor.

Some RADIUS vendors may not require this. To determine if this is required for your

implementation, check the RADIUS server vendor documentation.

2

Take the user or group aliases gathered from the service properties’ listboxes and
add them to the defined Filter-IDs in the RADIUS configuration file.

For example, to add the groups Sales, Marketing, and Engineering enter:

Filter-Id=”Sales”

Filter-Id=”Marketing”

Filter-Id=”Engineering”

For more information, consult the RADIUS server documentation.

Configuring CRYPTOCard server authentication

To add or remove services accessible by CRYPTOCard authenticated users, add the
CRYPTOCard user or group in the individual service’s Properties dialog box, and the
IP address of the Firebox on the CRYPTOCard authentication server.

From Policy Manager:

1

Select Setup => Authentication.

The Member Access and Authentication Setup dialog box appears.

2

Under Authentication Enabled Via, click the CRYPTOCard Server option.

3

Click the CRYPTOCard Server tab.

You might need to use the arrow buttons in the upper-right corner of the dialog box to bring this

tab into view.

4

Enter the IP address of the CRYPTOCard server.

5

Enter or verify the port number used for CRYPTOCard authentication.

The standard is 624.

6

Enter the administrator password.

This is the administrator password in the

passwd

file on the CRYPTOCard server.

7

Enter or accept the time-out in seconds.

The time-out period is the maximum amount of time, in seconds, a user can wait for the

CRYPTOCard server to respond to a request for authentication. Sixty seconds is CRYPTOCard’s

recommended time-out length.

Gather the IP address of the Firebox and the user or group aliases you want

to authenticate using RADIUS. The aliases appear in the “From” and “To”

listboxes for the individual services’ Properties dialog boxes.

The filter rules for RADIUS user filter-IDs are case sensitive.

Advertising
Popular Brands
Popular manuals