WatchGuard Technologies SSL VPN Benutzerhandbuch
Administration Guide
67
Using SafeWord for Authentication
Removing Realms
If you are retiring an authentication server or removing a domain server, you can remove any realm
except for the realm named Default. You can remove the Default realm only if you immediately create a
new realm named Default. For more information, see “Configuring the Default Realm” on page 65.
except for the realm named Default. You can remove the Default realm only if you immediately create a
new realm named Default. For more information, see “Configuring the Default Realm” on page 65.
To remove a realm
1
On the Authentication tab, open the realm you want to remove.
2
On the Action menu, click Remove realm name realm.
The realm is removed.
Note
If you remove the Default realm and do not immediately replace it as described above, the Firebox SSL
VPN Gateway retains the Default realm that you attempted to remove.
VPN Gateway retains the Default realm that you attempted to remove.
Using SafeWord for Authentication
Configuring Secure Computing SafeWord Authentication
The SafeWord product line provides secure authentication using a token-based passcode. After the
passcode is used, it is immediately invalidated by SafeWord and cannot be used again.
The Firebox SSL VPN Gateway supports SafeWord authentication to the following Secure Computing
products:
passcode is used, it is immediately invalidated by SafeWord and cannot be used again.
The Firebox SSL VPN Gateway supports SafeWord authentication to the following Secure Computing
products:
• SafeWord PremierAccess
• SafeWord for Citrix
• SafeWord RemoteAccess
• SafeWord for Citrix
• SafeWord RemoteAccess
Configuring the Firebox SSL VPN Gateway to authenticate using Secure Computing’s SafeWord products
can be done in several ways:
can be done in several ways:
• Configure authentication to use a PremierAccess RADIUS server that is installed as part of SafeWord
PremierAccess and allow it to handle authentication.
• Configure authentication to use the SafeWord IAS agent, which is a component of SafeWord
RemoteAccess, SafeWord for WatchGuard, and SafeWord PremierAccess 4.0.
• Install the SafeWord Web Interface Agent to work with the WatchGuard Web Interface. Authentication
does not have to be configured on the Firebox SSL VPN Gateway and can be handled by the
WatchGuard Web Interface. This configuration does not use the PremierAccess RADIUS server or the
SafeWord IAS Agent.
WatchGuard Web Interface. This configuration does not use the PremierAccess RADIUS server or the
SafeWord IAS Agent.
Configuring SafeWord Settings on the Access Gateway
When configuring the SafeWord server, you need the following information:
• The IP address of the Firebox SSL VPN Gateway. This should be the same as what is configured on the
RADIUS server client configuration.
• A shared secret. This secret is also configured on the Authentication tab on the Firebox SSL VPN
Gateway.
• The IP address and port of the SafeWord server.