beautypg.com

Authentication rules, Section 8.2.5, “authentication rules – Amer Networks E5Web GUI User Manual

Page 535

background image

between the Clavister Security Gateway and the server must be protected. A VPN link
should be used if the link between the two is not local.

Access to the LDAP server itself must also be restricted as passwords will be stored in
plain text.

8.2.5. Authentication Rules

An Authentication Rule should be defined when a client establishing a connection through a
Clavister Security Gateway is to be prompted for a username/password login sequence.

Authentication Rules are set up in a similar way to other cOS Core security policies, and that is by
specifying which traffic is to be subject to the rule. They differ from other policies in that the
connection's

destination

network/interface

is

not

of

interest

but

only

the

source

network/interface of the client being authenticated.

Authentication Rule Properties

An Authentication Rule object has the following properties:

Authentication Agent

The type of traffic being authenticated. This can be one of:

i.

ARPCache

This sends the MAC address of the client's interface to a RADIUS server for
authentication and is applicable to any type of traffic.

This option is explained further in Section 8.3, “ARP Authentication”.

ii.

HTTP

HTTP web connections to be authenticated via a predefined or custom web page (see
the detailed HTTP explanation below).

An IP rule allowing client access to core is also required with this agent type.

ARP authentication can also be done using this option and this is explained further in
Section 8.3, “ARP Authentication”.

iii.

HTTPS

HTTPS web connections to be authenticated via a predefined or custom web page (also
see the detailed HTTP explanation below).

An IP rule allowing client access to core is also required with this agent type.

iv.

XAUTH

This is the IKE authentication method which is used as part of VPN tunnel establishment
with IPsec.

XAuth is an extension to the normal IKE exchange and provides an addition to normal
IPsec security which means that clients accessing a VPN must provide a login username
and password.

It should be noted that an interface value is not entered with an XAuth authentication

Chapter 8: User Authentication

535

This manual is related to the following products:
See also other documents in the category Amer Networks Computer Accessories: