Watchguard Firebox X8000 Especificaciones

Busca en linea o descarga Especificaciones para Redes Watchguard Firebox X8000. Watchguard Firebox X8000 Specifications Manual de usuario

  • Descarga
  • Añadir a mis manuales
  • Imprimir

Indice de contenidos

Pagina 1 - WatchGuard Firebox

DIGIPASS Authentication for WatchGuard Firebox DIGIPASS Authentication for WatchGuard Firebox - Integration Guideline V1.0 © 2007 VASCO Data S

Pagina 2 - Disclaimer

5.2 Authentication Servers Click on the Authentication servers button to open the authentication options. Here we will be able to add the RADIUS se

Pagina 3 - Table of Contents

5.3 Authentication Policy To authenticate on the Firebox, it is necessary you are allowed to see the authentication page. Find the rule WatchGuard

Pagina 4

In the From: field add Any and in the To: field add Firebox. Click OK to complete. Figure 12: Authentication Policy (3) 5.4 Website Proxy Policy T

Pagina 5 - 3 Solution

Select HTTP-proxy under the proxies folder and click Add… to continue. Figure 14: Website Proxy Policy (2) Click the Add… button below the From: fi

Pagina 6 - 4 Technical Concept

Click the Add User… button. Figure 16: Website Proxy Policy (4) Select Firewall as Type and RADIUS as Auth. Server. Make sure you type in the usern

Pagina 7 - 5 WatchGuard Firebox

Note: It might be a though job to add a lot of users this way. This job can also be done by manually editing the configuration *.xml file. Click the

Pagina 8

If you have more then one IP Address pointing to the Firebox, you will have a choice of which External IP Address to use for the connection to the w

Pagina 9

The next screen gives you an overview of the changes made. We only allow some authenticated users to use a NAT mapping to the corporate website. Cli

Pagina 10 - 5.2 Authentication Servers

5.5 Saving Changes When all changes are performed, you must save the current configuration back to the Firebox. This is done by clicking the Save T

Pagina 11 - 5.3 Authentication Policy

6 VACMAN Middleware 6.1 Configure VACMAN Middleware Setting up the VM only requires you to set up a policy to go to the right back-end and to add

Pagina 12 - 5.4 Website Proxy Policy

Disclaimer Disclaimer of Warranties and Limitations of Liabilities This Report is provided on an 'as is' basis, without any other warranti

Pagina 13

There are a few policies available by default. You can also create new policies to suit your needs. Those can be independent policies or inherit the

Pagina 14

In the policy options configure it to use the right back-end server. This could be the local database, but also active directory or another radius s

Pagina 15

Now create a new component by right-clicking the Components and choose New Component. Figure 30: VM configuration (5) As component type choose RADI

Pagina 16

As last we will add the back-end RADIUS authentication server settings. Right-click Back-End Servers and select New Back-End Server… Figure 32: VM

Pagina 17

7 Microsoft IAS In this chapter we will explain how to use IAS as a back-end authentication server. The reason for doing this is because in IAS we

Pagina 18 - 5.5 Saving Changes

There are no vendor specific attributes we need for this message, so select RADIUS Standard as client vendor. Type in the same Shared Secret as you

Pagina 19 - 6 VACMAN Middleware

Select to Set up a custom policy and type in a friendly name for this policy. As you may want to check different groups, it could be appropriate to

Pagina 20

Click the Add… button to add an AD group to the list. Figure 41: IAS configuration (8) Search for the group the user has to belong to and click OK.

Pagina 21

Click Next to continue the wizard. Figure 44: IAS configuration (11) Select the Grant remote access permission and click Next. Figure 45: IAS conf

Pagina 22

Go to the Authentication tab and select Unencrypted authentication (PAP, SPAP) in the list. Figure 47: IAS configuration (14) On the Advanced tab,

Pagina 23

Table of Contents ... 1 DIGIPASS Authentication for WatchGuard Firebox...

Pagina 24 - 7 Microsoft IAS

Select Filter-Id from the list and click Add… Figure 49: IAS configuration (16) Click Add… to enter a new filter string. Figure 50: IAS configurat

Pagina 25

Click OK when the group name is shown in the attribute list. Figure 52: IAS configuration (19) Click Close to go back. Figure 53: IAS configuratio

Pagina 26

You will receive a warning stating you selected different authentication methods. Click No as we don’t need to see additional help topics. Figure 5

Pagina 27

8 User configuration The user creation steps you will find in this chapter are optional when you didn’t activate the option Dynamic User Registrati

Pagina 28

Fill in the username and password fields. Optionally choose the right domain and Organizational Unit and click the Create button. Figure 59: ODBC U

Pagina 29

8.1.2 Import DIGIPASS Right-click the DIGIPASS folder and select Import DIGIPASS... . Figure 61: Import DIGIPASS (1) Browse for your *.DPX file, f

Pagina 30

When the DIGIPASS is imported successfully you will receive a confirmation message. Figure 63: Import DIGIPASS (3) DIGIPASS Authentication for Wa

Pagina 31

8.1.3 DIGIPASS Assignment There are two possible ways to assign a DIGIPASS to a user. You can search for a DIGIPASS and assign it to a user or you

Pagina 32

If you leave the User ID blank and press the Find button, you will get a list of all the available users in the same domain as the DIGIPASS. The use

Pagina 33 - 8 User configuration

8.2 Active Directory installation 8.2.1 User creation User creation, while using an Active Directory back-end, will happen in the Active Directory

Pagina 34

8.2.2 ... 41 Import DIGIPASS8.2.3 ...

Pagina 35 - 8.1.2 Import DIGIPASS

In the DIGIPASS User Account tab you will see a field to manually add a password. This can also be automatically filled by enabling the Password Aut

Pagina 36

8.2.2 Import DIGIPASS To make sure you can see the DIGIPASS folders in the MMC, go to View and select the Advanced Features. This way you will see

Pagina 37 - 8.1.3 DIGIPASS Assignment

Browse for your *.DPX file, fill in the Transport Key and look at your available applications by pushing the Show Applications button. You can eithe

Pagina 38

8.2.3 DIGIPASS assignment There are two possible ways to assign a user to a DIGIPASS. You can search for a DIGIPASS and assign it to a user or you

Pagina 39 - 8.2.1 User creation

If you leave the User ID blank and press the Find button, you will get a list of all the available users in the same domain as the DIGIPASS. The use

Pagina 40

9 Firebox Authentication Test Before you will be able to logon with a known AD user, you will have to create the right global security group in AD.

Pagina 41 - 8.2.2 Import DIGIPASS

9.1 Response Only To authenticate, point your web browser to the authentication service of the Firebox. In our example this is https://62.58.226.22

Pagina 42

When we now try accessing the corporate website, you will see access is granted. In our example this was http://62.58.226.226 Figure 82: Response On

Pagina 43 - 8.2.3 DIGIPASS assignment

9.2 Challenge/Response As we setup everything before to use “Response Only” (using only the generated OTP of a DIGIPASS), you can also use “Challen

Pagina 44

And as you can see in Figure 57, the Firebox is returning you a Challenge to use on your DIGIPASS. Type the Response in the empty field, and click S

Pagina 45

1 Overview The purpose of this document is to demonstrate how to configure VACMAN Middleware (VM) to work with the WatchGuard Firebox. The Firebox

Pagina 46 - 9.1 Response Only

10 VACMAN Middleware features 10.1 Installation The VACMAN Middleware (VM) installation is very easy and straightforward. VM runs on Windows platfor

Pagina 47

The configuration of authentication methods is done within the policy (policies). 10.2.5 Policies Policies specify various settings that affect the

Pagina 48 - 9.2 Challenge/Response

10.3 Administration 10.3.1 Active Directory Users and Computers Extensions Since VACMAN Middleware version 2.3, Managing the users and DIGIPASS ca

Pagina 49

10.3.3 User Self Management Web Site A web site running on IIS has been developed to allow users to register themselves to the VM with their user

Pagina 50 - 10 VACMAN Middleware

11 About VASCO Data Security VASCO designs, develops, markets and supports patented Strong User Authentication products for e-Business and e-Commerc

Pagina 51 - 10.2.9 Virtual DIGIPASS

4 Technical Concept 4.1 General overview The main goal of the WatchGuard Firebox is to perform authentication to secure all kind of firewall conne

Pagina 52 - 10.3 Administration

5 WatchGuard Firebox 5.1 WatchGuard Firebox configuration To change the settings on the Firebox you need to connect to the Firebox through the Wat

Pagina 53

Once connected, you can view the status of the Firebox. Click on the Policy Manager button to view the policy details. Figure 4: WatchGuard Firebox

Pagina 54 - 11 About VASCO Data Security

This way you get a better insight of all the rules present in the Firebox. To view the network settings, you can open Network – Configuration … Fig

Comentarios a estos manuales

Sin comentarios