HTTP web connections to be authenticated via a predefined or custom web page (see
the detailed HTTP explanation below).
An IP rule allowing client access to core is also required with this agent type.
ARP authentication can also be done using this option and this is explained further in
Section 8.3, “ARP Authentication”.
iii. HTTPS
HTTPS web connections to be authenticated via a predefined or custom web page (also
see the detailed HTTP explanation below).
An IP rule allowing client access to core is also required with this agent type.
iv. XAUTH
This is the IKE authentication method which is used as part of VPN tunnel establishment
with IPsec.
XAuth is an extension to the normal IKE exchange and provides an addition to normal
IPsec security which means that clients accessing a VPN must provide a login username
and password.
It should be noted that an interface value is not entered with an XAuth authentication
rule since one single rule with XAuth as the agent will be used for all IPsec tunnels.
However, this approach assumes that a single authentication source is used for all
tunnels.
An IP rule allowing client access to core is not required.
v. L2TP/PPTP/SSL VPN
This is used specifically for L2TP, PPTP or SSL VPN authentication.
An IP rule allowing client access to core is not required.
• Authentication Source
This specifies that authentication is to be performed using one of the following:
i. LDAP - Users are looked up in an external LDAP server database.
ii. RADIUS - An external RADIUS server is used for lookup.
iii. Disallow - This option explicitly disallows all connections that trigger this rule. Such
connections will never be authenticated.
Any Disallow rules are best located at the end of the authentication rule set.
iv. Local - A local user database defined within NetDefendOS is used for looking up user
credentials.
v. Allow - With this option, all connections that trigger this rule will be authenticated
automatically. No database lookup occurs.
• Interface
The source interface on which the connections to be authenticated will arrive. This must be
Chapter 8: User Authentication
625
To Next Page
Loading...
