The following steps illustrate how a RADIUS server is configured. Assume that the NetDefendOS
object will have the name rs_users and the IPv4 address radius_ip which is already defined in the
address book.
The connecting port will be 1812 (the default) and a shared secret of mysecretcode will be used
for security.
A retry timeout value of 2 means that NetDefendOS will resend the authentication request to the
sever if there is no response after 2 seconds. There will be a maximum of 3 retries.
Command-Line Interface
gw-world:/> add RadiusServer rs_users
IPAddress=radius_ip
SharedSecret=mysecretcode
Port=1812
RetryTimeout=2
Web Interface
1. Go to: Policies > User Authentication > RADIUS > Add > RADIUS Server
2. Now enter:
• Name: rs_users
• IP Address: radius_ip
• Port: 1812
• Retry Timeout: 2
• Shared Secret: mysecretcode
• Confirm Secret: mysecretcode
3. Click OK
8.2.4. External LDAP Servers
Lightweight Directory Access Protocol (LDAP) servers can also be used with NetDefendOS as an
authentication source. This is implemented by the NetDefend Firewall acting as a client to one or
more LDAP servers. Multiple servers can be configured to provide redundancy if any servers
become unreachable.
Setting Up LDAP Authentication
There are two steps for setting up user authentication with LDAP servers:
• Define one or more user authentication LDAP server objects in NetDefendOS.
• Specify one or a list of these LDAP server objects in a user authentication rule.
One or more LDAP servers can be associated as a list within a user authentication rule. The
ordering of the list determines the order in which server access is attempted.
Chapter 8: User Authentication
616
To Next Page
Loading...
