Administration Guide
Configuring Authentication and Authorization
Configuring Authentication without Authorization
The Firebox SSL VPN Gateway can be configured to authenticate users without requiring authorization.
When users are not authorized, the Firebox SSL VPN Gateway does not perform a group authorization
check. The settings from the Default user group are assigned to the user.
To remove authorization requirements from the Firebox SSL VPN Gateway
1. On the Authentication tab, select an authorization realm.
2. On the Authorization tab, in Authorization type, select No authorization.
The Default Realm
The Firebox SSL VPN Gateway has a permanent realm named Default with the following characteristics:
• For a new installation, the Default realm is configured for local authentication.
• The authentication type of the Default realm can be changed.
• The Default realm cannot be removed unless you immediately replace it with a new Default
realm.
• The Default realm is assumed when a user enters only a user name when logging on to the
Firebox SSL VPN Gateway.
When a user logs on to any other realm, the user must log on using realmName\userName. Therefore, if
all of your users are authenticated against one authentication server, configure the Default realm for
that type of authentication so that users do not have to enter a realm name when logging on.
Using a Local User List for Authentication
For a new installation, the Default realm is set to local authentication. This enables users to log on to the
Firebox SSL VPN Gateway without having to enter a realm name.
If some users authenticate only against the local user list on the Firebox SSL VPN Gateway, you can keep
the Default realm set to local authentication. Alternatively, you can create a different realm for local
authentication and use the Default realm for another authentication type, as described in “To remove
and create a Default realm”.
If all users authenticate against authentication servers, you do not need a realm for local authentication.
The Firebox SSL VPN Gateway can check the local user database on the appliance for authentication
information if a user fails to authenticate on another authentication server. For example, if you are using
LDAP and the authentication fails, users can log on using the local user database.
To authenticate using the local user list on the Firebox SSL VPN Gateway
1. On the Authentication tab, open the authentication realm on which you want to configure local authentication.
2. Click the Settings tab.
3. Select Use the local user database on the Firebox SSL VPN Gateway.
4. Click Submit.
Note
This check box is unavailable if the realm is configured for local authentication.
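The logon rules in this section (a bare user name means the Default realm, realmName\userName selects any other realm, the local user database is checked when the authentication server rejects a logon, and Default group settings apply when no authorization is configured) can be traced in a small model. This is an added example, not WatchGuard code; the realm names, accounts, passwords and the group lookup are constructed assumptions.

```python
# Added illustration, not WatchGuard code: a simplified model of the logon
# behaviour described in this section. All realms and users are constructed.
import hmac
from dataclasses import dataclass, field

@dataclass
class Realm:
    auth_type: str                                    # "local" or e.g. "ldap"
    server_users: dict = field(default_factory=dict)  # accounts on the realm's server
    local_fallback: bool = False   # "Use the local user database ..." option
    authorization: str = "none"    # "none" models "No authorization"
    groups: dict = field(default_factory=dict)        # user -> group (assumed lookup)

LOCAL_USERS = {"alice": "local-pw"}   # constructed local user list

def split_logon(name):
    """realmName\\userName selects a realm; a bare user name means Default."""
    realm, sep, user = name.partition("\\")
    return (realm, user) if sep else ("Default", name)

def _check(store, user, password):
    stored = store.get(user)
    return stored is not None and hmac.compare_digest(stored, password)

def log_on(realms, name, password):
    """Return (user, group, source) on success, None on failure."""
    realm_name, user = split_logon(name)
    realm = realms.get(realm_name)
    if realm is None or not user:
        return None
    if realm.auth_type == "local":
        ok, source = _check(LOCAL_USERS, user, password), "local"
    else:
        ok, source = _check(realm.server_users, user, password), realm.auth_type
        if not ok and realm.local_fallback:
            # The server rejected the logon, so the local user list is tried.
            ok, source = _check(LOCAL_USERS, user, password), "local-fallback"
    if not ok:
        return None
    # With no authorization there is no group check: Default group settings apply.
    group = "Default" if realm.authorization == "none" else realm.groups.get(user)
    return (user, group, source)

REALMS = {   # constructed configuration
    "Default": Realm("ldap", {"bob": "ldap-pw"}, local_fallback=True),
    "Partners": Realm("ldap", {"carol": "p-pw"}, authorization="ldap",
                      groups={"carol": "Partners-RO"}),
}
```

When the fallback option is enabled on a realm, the local user list is a second set of valid credentials for that realm, so it belongs in the same account review as the directory server.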