WatchGuard Technologies SSL VPN User Manual

Administration Guide
Using RSA SecurID for Authentication
8. To create the configuration file for the new or changed Agent Host, go to Agent Host > Generate Configuration Files.
The file that you generate (sdconf.rec) is what you will upload to the Firebox SSL VPN Gateway, as described in the next procedure.
Enable RSA SecurID authentication for the Firebox SSL VPN Gateway
You can use the following authorization types with RSA SecurID authentication:
• RSA authorization
• Local authorization
• LDAP authorization
• No authorization
To enable RSA SecurID authentication
1. Click the Authentication tab.
2. In Realm Name, type a name to identify the RSA ACE/Server. Realm names are case-sensitive and can contain spaces.
3. Select One Source and click Add.
  
Note: If you want the Default realm to use RSA authentication, remove the Default realm as described in “Changing the Authentication Type of the Default Realm” on page 65.
4. In the Select Authentication Type dialog box, in Authentication Type, select RSA SecurID Authentication.
5. Click OK.
A dialog box for the authentication realm opens.
6. To upload the sdconf.rec file that you generated in the previous procedure, on the Authentication tab, click Upload sdconf.rec file and use the dialog box to locate and upload the file.
The sdconf.rec file is typically written to ace\data\config_files and to windows\system32.
  
Note: If an invalid sdconf.rec file is uploaded to the Firebox SSL VPN Gateway, it might cause the Firebox SSL VPN Gateway to send out messages to non-existent IP addresses. This might be flagged in a network monitor as network spamming.
• The file status message indicates whether or not an sdconf.rec file was uploaded. If one was uploaded and you need to replace it, click Upload sdconf.rec file and use the dialog box to locate and upload the file.
• The first time that a client is successfully authenticated, the RSA ACE/Server writes some configuration files to the Firebox SSL VPN Gateway. If you subsequently change the IP address of the Firebox SSL VPN Gateway, click Remove ACE Configuration Files, restart when prompted, and then upload a new sdconf.rec file.
7. To use LDAP for authorization, click the Authorization tab and complete the settings.
8. Click Submit.