User Interface
R&S®GP-E/GP-S User Manual v16.2.1 ─ 01, page 47
3.4.1.8 User Authentication
The "User Authentication" settings determine which users are authorized to connect to
gateprotect Firewall for VPN access. They also allow you to connect gateprotect Firewall
to an external directory server via the Lightweight Directory Access Protocol (LDAP) to
manage the users that appear in the web interface. This allows you to set firewall
regulations not just for computers but also for individual users.
Captive Portal
Once users have been set up as active users shown on the desktop and firewall rules
including these users have been configured, the users can make use of these rules by
signing in through the so-called Captive Portal. To do so, they enter the IP address of
the LAN zone in which they are located, followed by port number 8080 (for example
http://192.168.100.1:8080), in the address bar of the browser. A web page presenting
a logon form appears. After signing in, the users are able to use the rule sets defined
for them. Captive Portal authentication can be configured under "Settings" on page 45.
For more detailed information on user authentication, see the following sections.
Single Sign-On
When using Single Sign-On (SSO), users can log on to a Windows client with their
Active Directory credentials, and the firewall rules configured on gateprotect Firewall
for these users are applied automatically.
SSO cannot be used in an IPsec C2S connection with iOS clients using certificates for
authentication and Active Directory.
Before SSO can be used, several preconditions have to be met.
As Kerberos is time-critical, make sure to use the same time/NTP server for all
components (domain controller, Windows client and firewall).
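To check the time precondition above, this added example (not part of the R&S manual or product) measures each host's clock offset with a plain NTP query and reports host pairs that differ by more than 300 seconds, the Active Directory default Kerberos tolerance. The host names and offsets are constructed, and it assumes every component answers NTP on UDP port 123.

```python
import socket
import struct
import time

NTP_EPOCH_DELTA = 2208988800  # seconds from 1900-01-01 (NTP epoch) to 1970-01-01
MAX_SKEW = 300                # Active Directory default Kerberos tolerance, in seconds


def clock_offset(reply, t1, t4):
    """Remote clock minus local clock, from a 48-byte NTP server reply.

    t1 / t4: local Unix time when the request left / the reply arrived.
    """
    if len(reply) < 48 or reply[0] & 0x07 != 4:   # mode 4 = server
        raise ValueError("not an NTP server reply")
    rx_s, rx_f, tx_s, tx_f = struct.unpack("!4I", reply[32:48])
    t2 = rx_s - NTP_EPOCH_DELTA + rx_f / 2**32    # server receive time
    t3 = tx_s - NTP_EPOCH_DELTA + tx_f / 2**32    # server transmit time
    return ((t2 - t1) + (t3 - t4)) / 2


def query_offset(host, timeout=2.0):
    """Ask one host for its time (assumes it answers NTP on UDP 123)."""
    request = b"\x23" + 47 * b"\x00"              # LI=0, version 4, mode 3 (client)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        t1 = time.time()
        sock.sendto(request, (host, 123))
        reply, _ = sock.recvfrom(512)
        t4 = time.time()
    return clock_offset(reply, t1, t4)


def skewed_pairs(offsets, limit=MAX_SKEW):
    """Host pairs whose clocks differ from each other by more than limit seconds."""
    hosts = sorted(offsets)
    return [(a, b) for i, a in enumerate(hosts) for b in hosts[i + 1:]
            if abs(offsets[a] - offsets[b]) > limit]


if __name__ == "__main__":
    # Constructed offsets (seconds) for hypothetical hosts; on a live network use
    # {h: query_offset(h) for h in hosts} instead.
    sample = {"dc.example.test": 0.4, "client.example.test": -1.2,
              "firewall.example.test": 412.0}
    for a, b in skewed_pairs(sample):
        print(f"clock skew over {MAX_SKEW}s between {a} and {b}")
```

Comparing the offsets pairwise means the workstation running the check does not itself need a correct clock.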
> Preparing the Domain Controller
On the domain controller, two things have to be done:
● a user named gpLogin has to be created and
● a keytab file has to be generated and exported to your local disk.
> Configuring the Firewall
In the next step, you need to set up gateprotect Firewall for SSO.
Under "Firewall > User Authentication > Single Sign-On", you can configure your
gateprotect Firewall to enable SSO.