Authentication setup, Setup summary, Local user databases – Amer Networks E5Web GUI User Manual

Page 522

8.2. Authentication Setup

8.2.1. Setup Summary

The following list summarizes the steps for User Authentication setup with cOS Core:

Have an authentication source which consists of a database of users, each with a
username/password combination. Any of the following can be an authentication source:

i. A local user database internal to cOS Core.

ii. A RADIUS server which is external to the Clavister Security Gateway.

iii. An LDAP Server which is also external to the Clavister Security Gateway.

Define an Authentication Rule which describes which traffic passing through the security
gateway is to be authenticated and which authentication source will be used to perform the
authentication. These are described further in Section 8.2.5, “Authentication Rules”.

If required, define an IP object for the IP addresses of the clients that will be authenticated.
This can be associated directly with an authentication rule as the originator IP or can be
associated with an Authentication Group.

Set up IP rules to allow the authentication to take place and also to allow access to resources
by the clients belonging to the IP object set up in the previous step.

The sections that follow describe the components of these steps in detail. These are:

Section 8.2.2, “Local User Databases”

Section 8.2.3, “External RADIUS Servers”

Section 8.2.4, “External LDAP Servers”

Section 8.2.5, “Authentication Rules”

8.2.2. Local User Databases

A Local User Database is a registry internal to cOS Core which contains the profiles of authorized
users and user groups. Username/password combinations can be entered into these databases, with
passwords stored using reversible cryptography for security. By default, a single local user
database exists called AdminUsers. Extra databases can be created by the administrator as
required.

Group Membership

Each user entered into the Local Database can optionally be specified to be a member of one or
more Authentication Groups. These groups are not predefined, except for the administrators and
the auditors groups described below. Instead, they are entered as text strings which are case
sensitive.

Using Groups with IP Rules or IP Policies

Authentication groups are not used directly with Authentication Rule objects but are instead
associated with the source network or destination network IP object used in the IP rule or IP

Chapter 8: User Authentication
