beautypg.com

Authentication processing, Http authentication – D-Link DFL-2500 User Manual

Page 223

background image

combination.

Allow only one login per username.

Allow one login per username and logout an existing user with the same name if they have been
idle for a specific length of time when the new login occurs.

8.2.5. Authentication Processing

The list below describes the processing flow through NetDefendOS for username/password
authentication:

1.

A user creates a new connection to the D-Link Firewall.

2.

NetDefendOS sees the new user connection on an interface and checks the Authentication rule
set
to see if their is a matching rule for traffic on this interface, coming from this network and
data which is one of the following types:

HTTP traffic

HTTPS traffic

IPsec tunnel traffic

L2TP tunnel traffic

PPTP tunnel traffic

3.

If no Authentication Rule matches, the connection is allowed if the IP rule set permits it and
nothing further happens in the authentication process.

4.

Based on the settings of the matching authentication rule, NetDefendOS prompts the user with
an authentication request.

5.

The user replies by entering their identification information which is usually a
username/password pair.

6.

NetDefendOS validates the information against the Authentication Source specified in the
authentication rule. This will be either a local NetDefendOS database or an external RADIUS
database server.

7.

NetDefendOS then allows further traffic through this connection as long as authentication was
successful and the service requested is allowed by a rule in the IP rule set. That rule's Source
Network object has either the No Defined Credentials option enabled or alternatively it is
associated with a group and the user is also a member of that group.

8.

If a timeout restriction is specified in the authentication rule then the authenticated user will be
automatically logged out after that length of time without activity.

Any packets from an IP address that fails authentication are discarded (unless they are caught be
another rule).

8.2.6. HTTP Authentication

Where users are communicating through a web browser using the HTTP protocol then
authentication can be done by presenting the user with HTML pages to retrieve required user
information. This is sometimes referred to as WebAuth and the setup requires further considerations.

8.2.5. Authentication Processing

Chapter 8. User Authentication

223