WatchGuard Technologies SSL VPN Benutzerhandbuch
Using SafeWord for Citrix or SafeWord RemoteAccess for Authentication
68
Firebox SSL VPN Gateway
Configure a SafeWord realm to authenticate users. The Firebox SSL VPN Gateway acts as a SafeWord
agent authenticating on behalf of users logged on using Secure Access Client. If a user is not located on
the SafeWord server or fails authentication, the Access Gateway checks the user against the local user
list if Use the local user database on the Access Gateway is selected on the Settings tab.
To use SafeWord as the Default realm, remove the current Default realm and create a new one as
described in “To remove and create a Default realm”
agent authenticating on behalf of users logged on using Secure Access Client. If a user is not located on
the SafeWord server or fails authentication, the Access Gateway checks the user against the local user
list if Use the local user database on the Access Gateway is selected on the Settings tab.
To use SafeWord as the Default realm, remove the current Default realm and create a new one as
described in “To remove and create a Default realm”
To configure SafeWord on the Access Gateway
1
In the Administration Tool, click the Authentication tab.
2
Under Add an Authentication Realm, in Realm name, type a name.
3
Select One Source and then click Add.
4
In Authentication type, select SafeWord authentication and click OK.
5
For the Primary SafeWord server Settings, enter the following settings:
• In IP Address, type the IP address of the SafeWord server.
• In Port, type the port number for the SafeWord RADIUS server. The default is 1812.
• In IP Address, type the IP address of the SafeWord server.
• In Port, type the port number for the SafeWord RADIUS server. The default is 1812.
This port must match the number you configured on the RADIUS server.
• In Server Secret, enter a RADIUS shared secret.
6
The shared secret must match what is configured on the RADIUS server.
7
If there is a second SafeWord server, configure the settings in Secondary SafeWord Server
Settings.
Settings.
To disable Firebox SSL VPN Gateway authentication
On the Global Cluster Policies tab, under Advanced Options, clear Enable Portal Page Authentica-
tion.
tion.
SafeWord PremierAccess Authorization
If you are using SafeWord PremierAccess for authentication, you can use the following authorization
types:
types:
• LDAP
• Local user list
• RADIUS
• No authorization
• Local user list
• RADIUS
• No authorization
Using SafeWord for Citrix or SafeWord RemoteAccess for
Authentication
Authentication
Both Safeword for Citrix and SafeWord RemoteAccess use Microsoft’s Internet Authentication Server
(IAS) to provide RADIUS authentication service to the Firebox SSL VPN Gateway. The IAS RADIUS server
receives authentication requests from the Firebox SSL VPN Gateway and sends the user’s credentials to
SafeWord for verification using an installed SafeWord agent for IAS. Multiple instances of IAS (with the
SafeWord agent for IAS) can be deployed for redundancy.
(IAS) to provide RADIUS authentication service to the Firebox SSL VPN Gateway. The IAS RADIUS server
receives authentication requests from the Firebox SSL VPN Gateway and sends the user’s credentials to
SafeWord for verification using an installed SafeWord agent for IAS. Multiple instances of IAS (with the
SafeWord agent for IAS) can be deployed for redundancy.