WatchGuard x1000 用户指南
Configuring CRYPTOCard Server Authentication
User Guide
173
To configure the RADIUS server
1
Add the IP address of the Firebox where appropriate
according to the RADIUS server vendor.
according to the RADIUS server vendor.
Some RADIUS vendors may not require this. To determine if this
is required for your implementation, check the RADIUS server
vendor documentation.
2
Take the user or group aliases gathered from the Add
Address dialog box from each service (double-click the
service icon, select Incoming and Allowed on the
Incoming tab, and click Add) and add them to the
defined Filter-IDs in the RADIUS configuration file.
For more information, consult the RADIUS server
documentation.
Address dialog box from each service (double-click the
service icon, select Incoming and Allowed on the
Incoming tab, and click Add) and add them to the
defined Filter-IDs in the RADIUS configuration file.
For more information, consult the RADIUS server
documentation.
For example, to add the groups Sales, Marketing, and
Engineering enter:
Filter-Id=”Sales”
Filter-Id=”Marketing”
Filter-Id=”Engineering”
N
OTE
The filter rules for RADIUS user filter-IDs are case sensitive.
Configuring CRYPTOCard Server
Authentication
Authentication
CRYPTOCard is a hardware-based authentication system
that allows users to authenticate by way of the CRYPTO-
Card challenge response system which includes off-line
hashing of passwords. It enables you to authenticate indi-
viduals independent of the hosts they are on.
that allows users to authenticate by way of the CRYPTO-
Card challenge response system which includes off-line
hashing of passwords. It enables you to authenticate indi-
viduals independent of the hosts they are on.
Configuring WatchGuard CRYPTOCard server authentica-
tion assumes that you have acquired and installed a CRYP-
TOCard server according to the manufacturer’s
instructions, and that the server is accessible for authenti-
cations to the Firebox.
tion assumes that you have acquired and installed a CRYP-
TOCard server according to the manufacturer’s
instructions, and that the server is accessible for authenti-
cations to the Firebox.
To add or remove services accessible by CRYPTOCard
authenticated users, add the CRYPTOCard user or group
authenticated users, add the CRYPTOCard user or group