Amer Networks E5Web GUI User Manual

usernames that will be allowed are user1@mydomain and user2@mydomain.

It is also assumed that the Clavister Authentication Agent software has already been installed on a
single external Windows domain controller server and is configured with the IPv4 address
defined by the address book object aa_server_ip and the pre-shared key defined by the
aa_server_key PSK object.

It is assumed that the domain has only one domain controller server.

Command-Line Interface

Define an Authentication Agent object that describes the external server:

Device:/> add AuthAgent

IPAddress=aa_server_ip
PSK=aa_server_key
Name=my_auth_agent

Assign the permitted usernames to the network object for client IPs:

Device:/> add Address IP4Address client_net

UserAuthGroups=user1@mydomain,user2@mydomain

Create an IP Policy which allows access and uses client_net as the source network.

Device:/main> add IPPolicy

Name=client_to_server
SourceInterface=If1
SourceNetwork=client_net
DestinationInterface=If2
DestinationNetwork=server_net
Service=http-all
Action=Allow

InControl

Follow the same steps used for the Web Interface below.

Web Interface

Define the Authentication Agent object that describes the external server:

1.

Go to:
Policies > Authentication > Authentication Agents > Add > Authentication Agent

2.

Now enter:

•

Name: my_auth_agent

•

IP Address: aa_server_ip

•

Pre-shared key: aa_server_key

3.

Click OK

Assign the permitted usernames to the network object for client IPs:

1.

Go to: Objects > Address Book > client_net

Chapter 8: User Authentication

552