Administration Guide
Scenario 1: Configuring LDAP Authentication and Authorization
Creating an LDAP Authentication and Authorization Realm
Creating an LDAP authentication and authorization realm is the second of five procedures the
administrator performs to configure access to the internal network resources in this scenario.
In this scenario, all of the Sales and Engineering users are listed in a corporate LDAP directory.
To authenticate users listed in an LDAP directory, the administrator must create an authentication
realm that supports LDAP authentication.
To authorize users listed in LDAP directory groups to access the internal network resources, the
administrator selects LDAP Authorization as the authorization type of the realm.
Because all of the users authenticate to the LDAP directory, the administrator sets up the Default
authentication realm to support LDAP authentication and authorization.
To set up the Default realm to support LDAP authentication, the administrator first deletes the
existing Default realm and then immediately creates a new Default realm that supports LDAP
authentication. This new realm includes the address, port, and other LDAP directory information
that the Firebox SSL VPN Gateway needs to connect to the LDAP directory server and resolve
searches for names in the directory.
Note
The existing Default realm on the Firebox SSL VPN Gateway is configured for local authentication. By
deleting the existing Default realm and creating a new Default realm for LDAP, the administrator
simplifies the logon process for the end user. Users who authenticate using the Default realm do not
need to enter the realm name as part of their logon credentials. For more information about realms,
authentication, and authorization, see “Configuring Authentication and Authorization” on page 61.
To complete this procedure, the administrator must have available the LDAP directory information
gathered in the procedure “Collecting the LDAP Directory Information” on page 162 in the
previous task.
To delete the existing Default realm and create a new Default realm that supports LDAP authentication and authorization
1. In the Firebox SSL VPN Gateway Administration Tool, click the Authentication tab.
2. Open the window for the Default realm.
3. On the Action menu, select Remove "Default" realm. A warning message appears.
4. Click Yes.
5. In Realm Name, type Default.
6. Select One Source and click Add.
7. At Select Authentication Type, select LDAP authentication and then click OK.
The new Default realm window opens.
8. In the Authentication tab of the new Default realm window, complete the fields that enable the Firebox SSL VPN Gateway to access the LDAP server. (Use the information gathered in the procedure “Collecting the LDAP Directory Information” on page 162 in the previous task to complete these fields.)
9. Select the Authorization tab.
10. In Authorization type, select LDAP authorization.
11. In the Authorization tab, complete the fields that enable the Firebox SSL VPN Gateway to access the LDAP server.
12. Click Submit.
For more information about creating realms, see “Creating Additional Realms” on page 66.
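The procedure above maps the realm's fields (server, base DN, bind account, user search attribute, authorized groups) onto a two-phase decision: authenticate the user against the directory, then authorize by group membership. The following Python model, added here as an illustration and not taken from the WatchGuard product or this guide, walks through that decision against a constructed in-memory directory (the DNs, attribute names, passwords and the FakeLdapServer class are all assumptions for the example; a real deployment would talk to a directory server over LDAP). It also shows the check a practitioner wants in any LDAP authenticator: a simple bind with a DN and an empty password is an "unauthenticated" bind (RFC 4513, section 5.1.2) that some servers accept, so the client must refuse to forward an empty password rather than trust the bind result. The search-then-bind step also fails closed when the user lookup returns anything other than exactly one entry.

```python
"""Model of an LDAP authentication + LDAP authorization realm decision (illustrative only)."""
from dataclasses import dataclass

# Constructed sample directory for the example: DN -> attributes. Not real data.
DIRECTORY = {
    "cn=vpn-reader,ou=service,dc=example,dc=com": {
        "userPassword": ["reader-secret"],
    },
    "uid=alice,ou=people,dc=example,dc=com": {
        "uid": ["alice"], "userPassword": ["alice-pass"],
        "memberOf": ["cn=Sales,ou=groups,dc=example,dc=com"],
    },
    "uid=bob,ou=people,dc=example,dc=com": {
        "uid": ["bob"], "userPassword": ["bob-pass"],
        "memberOf": ["cn=Engineering,ou=groups,dc=example,dc=com"],
    },
    "uid=carol,ou=people,dc=example,dc=com": {
        "uid": ["carol"], "userPassword": ["carol-pass"],
        "memberOf": ["cn=Contractors,ou=groups,dc=example,dc=com"],
    },
}


class FakeLdapServer:
    """Stand-in for a directory server: models simple bind and a subtree search."""

    def __init__(self, entries):
        self.entries = entries

    def simple_bind(self, dn, password):
        # Models RFC 4513 5.1.2: a DN with an empty password is an unauthenticated
        # bind, which some real servers accept. The client guard below must catch it.
        if password == "":
            return True
        entry = self.entries.get(dn)
        return entry is not None and password in entry.get("userPassword", [])

    def search(self, base_dn, attr, value):
        # Subtree search: every entry under base_dn whose attr contains value.
        return [dn for dn, attrs in self.entries.items()
                if dn.endswith(base_dn) and value in attrs.get(attr, [])]


@dataclass
class LdapRealm:
    """Fields the realm needs: server, search base, bind account, user attribute, groups."""
    server: FakeLdapServer
    base_dn: str
    bind_dn: str
    bind_password: str
    user_attr: str = "uid"
    allowed_groups: tuple = ()

    def authenticate(self, username, password):
        """Return the user's DN on success, None on any failure (fail closed)."""
        if not password:
            return None  # never forward an empty password: it would be an unauthenticated bind
        if not self.server.simple_bind(self.bind_dn, self.bind_password):
            return None  # service account cannot bind; cannot search
        matches = self.server.search(self.base_dn, self.user_attr, username)
        if len(matches) != 1:
            return None  # unknown or ambiguous user
        user_dn = matches[0]
        return user_dn if self.server.simple_bind(user_dn, password) else None

    def authorize(self, user_dn):
        """Return the sorted list of the user's groups that the realm permits."""
        groups = set(self.server.entries[user_dn].get("memberOf", []))
        return sorted(groups & set(self.allowed_groups))

    def logon(self, username, password):
        user_dn = self.authenticate(username, password)
        if user_dn is None:
            return ("denied", "authentication failed")
        groups = self.authorize(user_dn)
        if not groups:
            return ("denied", "no authorized group")
        return ("allowed", groups)


# Constructed realm for the example, mirroring the Sales/Engineering scenario.
SERVER = FakeLdapServer(DIRECTORY)
REALM = LdapRealm(
    server=SERVER,
    base_dn="ou=people,dc=example,dc=com",
    bind_dn="cn=vpn-reader,ou=service,dc=example,dc=com",
    bind_password="reader-secret",
    user_attr="uid",
    allowed_groups=(
        "cn=Sales,ou=groups,dc=example,dc=com",
        "cn=Engineering,ou=groups,dc=example,dc=com",
    ),
)

if __name__ == "__main__":
    for user, pw in [("alice", "alice-pass"), ("alice", ""), ("carol", "carol-pass")]:
        print(user, REALM.logon(user, pw))
```

The bind account used for the search step only needs read access to the user and group entries; giving it anything more widens the blast radius if the gateway's stored credential is exposed.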