Administration Guide
85
Configuring Double-Source Authentication
You can prevent the storage of one-time passwords in cache, which forces the user to enter their cre-
dentials again.
To prevent caching of one-time passwords
1
In the Administration Tool, click the
Authentication
tab.
2
Open the authentication realm that uses the one-time password.
3
Select
Use the password one time
and click
Submit
.
Configuring Double-Source Authentication
The Firebox SSL VPN Gateway supports double-source authentication. On the
Authentication
tab, you
can configure two types of authentication, such as LDAP and RSA SecurID for one realm. When users log
on to the Firebox SSL VPN Gateway using a Web browser, and double-source authentication is config-
ured, they are redirected automatically to a logon Web portal page. There, they type in their user name
and passwords for each type of authentication. If they are using the Secure Access Client to log on, the
Secure Access dialog box appears requesting the same information as the Web page.
There can be a mix of double-source authentication realms. For example, you can have one or more
realms for single authentication and then have one or more realms configured for double-source
authentication. In a mixed authentication environment, when users log on using either the Web
browser or Secure Access Client, they will see two password fields. If they are logging on using only one
authentication method, the second password field is left blank.
For more information about logging on using the Web-based portal page, see “Double-source Authen-
tication Portal Page” on page 43.
To create and configure a double-source authentication realm
1
On the
Authentication
tab, click
Authentication
.
2
In
Realm Name
, type a name.
3
Select
Two Source
and then click
Add
.
4
In the
Select Authentication Type
dialog box, select the authentication types in
Primary
Authentication Type
and
Secondary Authentication Type
.
5
Click
Add
.
6
On the
Primary Authentication
tab, configure the settings for the first authentication type and
click
Submit
.
7
On the
Secondary Authentication
tab, configure the settings for the second authentication type
and click
Submit
.
8
On the
Authorization
tab, in
Authorization Type
, select the authorization type you want to use,
configure the settings, and click
Submit
.
Double-source authentication works in reverse of how it is configured on the Firebox SSL VPN Gateway.
For example, if you configured RSA SecurID on the
Secondary Authentication
tab and LDAP on the
Primary Authentication
tab, when users log on, they type their LDAP password in the first password
field and the RSA SecurID personal identification number (PIN) and passcode in the second password
field. When users click
Connect
, the Firebox SSL VPN Gateway authenticates using the RSA SecureID PIN
Summary of Contents for SSL 1000
Page 1: ...WatchGuard Firebox SSL VPN Gateway Administration Guide Firebox SSL VPN Gateway...
Page 40: ...Using the Firebox SSL VPN Gateway 30 Firebox SSL VPN Gateway...
Page 118: ...Setting the Priority of Groups 108 Firebox SSL VPN Gateway...
Page 146: ...Managing Client Connections 136 Firebox SSL VPN Gateway...
Page 168: ...Generating Trusted Certificates for Multiple Levels 158 Firebox SSL VPN Gateway...
Page 190: ...180 Firebox SSL VPN Gateway...
Page 198: ...188 Firebox SSL VPN Gateway...