Endian Document

Published by: Kim Vladimir Diaz Fuentes on Sep 23, 2013
Copyright:Attribution Non-commercial

09/04/2014


Endian Firewall’s proxy supports four different authentication types: Local, LDAP, Windows, Radius. Each of these types needs different configuration parameters and is described below. However, the global configuration parameters are:

NUMBER OF AUTHENTICATION PROCESSES

the number of authentication processes that can run simultaneously

AUTHENTICATION CACHE TTL (IN MINUTES)

the time in minutes for which authentication data should be cached

LIMIT OF IP ADDRESSES PER USER

the maximum number of IP addresses from which a user can connect to the proxy simultaneously

USER / IP CACHE TTL (IN MINUTES)

the time in minutes for which an IP address will be associated with the logged-in user

AUTHENTICATION REALM PROMPT

this text will be shown in the authentication dialog

REQUIRE AUTHENTICATION FOR UNRESTRICTED SOURCE ADDRESSES

if you disable this, unrestricted source addresses will not have to provide their credentials

DOMAINS WITHOUT AUTHENTICATION

in this text area you can enter domain names that can be accessed without being authenticated (one per line)

SOURCES (SUBNET / IP / MAC) WITHOUT AUTHENTICATION

in this text area you can enter source subnets, IP addresses or MAC addresses that do not require authentication (one per line)

The following parameters are available for local authentication.

USER MANAGEMENT

Click on this button if you want to manage local users.

MIN PASSWORD LENGTH

Here you can set the minimum password length for local users.

The following parameters are available for LDAP authentication.

BASE DN

the base distinguished name; this is the starting point of your search

LDAP TYPE

here you can choose whether you are using an Active Directory server, a Novell eDirectory server, an LDAP version 2 server or an LDAP version 3 server

LDAP SERVER

the IP address or fully qualified domain name of your LDAP server


Endian Unified Network Security

The Proxy Menu

PORT

the port on which the server is listening

BIND DN USERNAME

the fully distinguished name of a bind DN user, the user must have permission to read user attributes

BIND DN PASSWORD

the password of the user

USER OBJECTCLASS

the bind DN user must be part of this objectClass

GROUP OBJECTCLASS

the bind DN user must be part of this objectClass

The following parameters are available for Windows authentication.

DOMAIN

the domain you want to join

PDC HOSTNAME

the hostname of the primary domain controller

BDC HOSTNAME

the hostname of the backup domain controller

USERNAME

the username you want to use to join the domain

PASSWORD

the user’s password

JOIN DOMAIN

click here to join the domain

ENABLE USER-BASED ACCESS RESTRICTIONS

if you tick this checkbox you can add authorized and unauthorized users to the text fields that will appear below

USE POSITIVE/NEGATIVE ACCESS CONTROL

you can choose whether you want to use positive or negative access control; in the text fields you can enter one user per line that should or should not have access, depending on the access control policy you chose

The following parameters are available for Radius authentication.

RADIUS SERVER

the address of the RADIUS server

PORT

the port on which the RADIUS server is listening

IDENTIFIER

an additional identifier

SHARED SECRET

the password to be used

ENABLE USER-BASED ACCESS RESTRICTIONS

if you tick this checkbox you can add authorized and unauthorized users to the text fields that will appear below

USE POSITIVE/NEGATIVE ACCESS CONTROL

you can choose whether you want to use positive or negative access control; in the text fields you can enter one user per line that should or should not have access, depending on the access control policy you chose


Use native Windows authentication with Active Directory

In order to use Windows’ native authentication with Active Directory, you have to make sure that a few conditions are met:

The firewall must join the domain.

The system clocks on the firewall and on the Active Directory server have to be in sync.

A custom nameserver has to be entered under PROXY, DNS, CUSTOM NAMESERVER.

The firewall must be able to resolve the name of the Active Directory server (e.g. through an entry in NETWORK, EDIT HOSTS).

The realm must be a fully qualified domain name.

The PDC hostname has to be set to the NetBIOS name of the Active Directory server.
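
An offline preflight check for the conditions listed above, as an added example that is not part of the Endian manual or of Endian's software. The `cfg` keys, the `hosts` mapping, the sample values and the 300-second skew limit (the default Kerberos clock tolerance in Active Directory) are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# Assumption: 300 s is the default Kerberos clock-skew tolerance in Active Directory.
MAX_SKEW = timedelta(seconds=300)
LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

def is_fqdn(name):
    """True if the name has at least two valid DNS labels, e.g. 'corp.example.com'."""
    labels = name.rstrip(".").split(".")
    return len(labels) >= 2 and all(LABEL.match(label) for label in labels)

def preflight(cfg, hosts, fw_time, dc_time):
    """Return the unmet conditions; an empty list means all six are satisfied.

    cfg     -- hypothetical dict holding the proxy settings named on the page
    hosts   -- name -> IP mapping standing in for the firewall's hosts entries
    fw_time, dc_time -- clock readings taken on the firewall and the AD server
    """
    problems = []
    if not cfg.get("joined"):
        problems.append("firewall has not joined the domain")
    if abs(fw_time - dc_time) > MAX_SKEW:
        problems.append("clock skew exceeds tolerance")
    if not cfg.get("custom_nameserver"):
        problems.append("no custom nameserver set")
    pdc = cfg.get("pdc_hostname", "")
    if pdc.lower() not in {name.lower() for name in hosts}:
        problems.append("AD server name does not resolve")
    if not is_fqdn(cfg.get("realm", "")):
        problems.append("realm is not a fully qualified domain name")
    # Heuristic (assumption): a NetBIOS name is at most 15 characters, and a
    # dot usually means an FQDN was typed into the PDC hostname field.
    if not pdc or len(pdc) > 15 or "." in pdc:
        problems.append("PDC hostname is not a NetBIOS name")
    return problems

# Constructed sample values, not taken from a real deployment.
GOOD = {"joined": True, "custom_nameserver": "192.0.2.53",
        "realm": "corp.example.com", "pdc_hostname": "DC01"}
BAD = {"joined": True, "custom_nameserver": "",
       "realm": "CORP", "pdc_hostname": "dc01.corp.example.com"}
HOSTS = {"dc01": "192.0.2.10"}
NOW = datetime(2024, 1, 1, 12, 0, 0)

if __name__ == "__main__":
    for issue in preflight(BAD, HOSTS, NOW, NOW + timedelta(minutes=10)):
        print("UNMET:", issue)
```
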
