Firewall Analyzer provides two more external authentication apart from the local authentication. They are Active Directory authentication and Remote Authentication Dial-in User Service (RADIUS) authentication. If you import users from Active Directory or if you add a RADIUS server details, you will find the Options >> link besides the Login button in the Firewall Analyzer Client UI Login screen. If you click the Options >> link, Log on to field will appear below the Password field. The Log on to field will list the following options:
Enter the User Name and Password. Select one of the three options in Log on to (Local Authentication or Radius Authentication or Domain Name). Click Login button to log in to Firewall Analyzer Client UI.
Users in the AD (Active Directory) can be imported into Firewall Analyzer server. You have to select the required OUs (Organizational Units) under the Listed domains. You can re scan the network to find domains. Login to individual servers of the domain to get the OUs listed and select the OUs as per your requirement. Use the server credentials (User Name & Password) to login to the server. For the first time, all the users will be imported into Firewall Analyzer. On subsequent or periodic imports, only the new user added to the AD will be imported.
The imported users will be added in the Firewall Analyzer server with the following constraints: Access Level as Operator and will have access to all the Firewall devices. |
Procedure to configure AD settings
Click the External Authentication Settings link under the Settings tab to configure the AD user details import, periodic import, and to enable user authentication usage. On clicking the Active Directory tab, the Active Directory Configurations page opens up. In that page, you will find the following sections:
Import users from Active Directory
In this section, you will find Import Users button. Click the button and Import users from Active Directory screen pops-up.
In that screen, you will find the following items:
Domain Name combo box will list all the available domains in the network. Besides the combo box, you will find the Rescan Network link. Clicking the link will re scan the network to find out all the available domains. Select the domain from the combo box as per requirement.
If you want to list the OUs of a particular server, enter the server name in the text box.
If you want to access a server and get list of (Organizational Units) OUs, enter the user name and password of the server in the text boxes.
After entering the server name to be accessed and the credentials for server access, click this button to get the list of (Organizational Units) OUs.
If you want to cancel the access to server and get list of OUs operation canceled, click this button.
In this section, you will find a check box to schedule the import of users periodically from AD and a Save button.
every __ days" check box. Enter the periodicity of user import in days.
Click Save button to save the changes.
In this section, you will find the status (Status: Disabled) of the AD authentication to be used for users imported from AD and Enable button.
Click Enable button to use AD authentication for the users imported from AD. On clicking the button the status will change to Enabled (Status: Enabled) and the Enable button will change to Disable.
You can also leverage the RADIUS authentication for user access bypassing the local authentication provided by Firewall Analyzer.
In the RADIUS server authentication the users credentials are sent to the RADIUS server. The server checks for the user credentials and sends the authentication successful message to Firewall Analyzer server.
Note: If the user has only RADIUS server authentication, create the user in Firewall Analyzer with dummy password. On user logging in with RADIUS server authentication, the dummy password in the local server is ignored and the user credentials are sent to RADIUS server for authentication. Refer the procedure given in the Adding Users document to add a new user with dummy passowrd. |
You can make Firewall Analyzer work with RADIUS server in your environment. This section explains the configurations involved in integrating RADIUS server with Firewall Analyzer.
Procedure to configure RADIUS server settings
To configure RADIUS server in Firewall Analyzer, provide the following basic details about RADIUS server and credentials to establish connection:
Click the External Authentication Settings link under the Settings tab to configure the RADIUS server configuration. On clicking the Radius Server tab, the configuration fields are displayed. In that page, you will find the following fields:
RADIUS Server Settings |
Description |
Radius Server IP |
The IP Address of the machine in which the RADIUS server is running. Enter the host name or IP address of the host where RADIUS server is running |
Radius Server Authentication Port | The port used by the RADIUS server for authenticating users. Enter the port used for RADIUS server authentication. By default, RADIUS has been assigned the UDP port 1812 for RADIUS Authentication. |
Radius Server Protocol |
The protocol used by the RADIUS server for authenticating users. Select the protocol that is used to authenticate users. Choose from four protocols:
|
Radius Server Secret |
The secret string used for connecting RADIUS client (Firewall Analyzer) with the server. Enter the RADIUS secret used by the server for authentication |
Authentication Retries | The number of retries the RADIUS server to permit for authenticating users. Select the number of times you wish to retry authentication in the event of an authentication failure |