the setting WebUI HTTP Port. Port number 81 could, instead, be used for this setting.
The same is true for HTTPS authentication, and the default HTTPS management port number of 443
must also be changed.
HTTP(s) Agent Options
For HTTP and HTTPS authentication there is a set of options in an authentication rule called Agent
Options. These are:
• Login Type - This can be one of:
  i. HTML form - The user is presented with an HTML page for authentication which is filled
     in and the data sent back to NetDefendOS with a POST.
  ii. BASIC authentication - This sends a 401 - Authentication Required message back to the
     browser which will cause it to use its own dialog to ask the user for a username/password
     combination. A Realm String can optionally be specified which will appear in the
     browser's dialog.
     HTML form is recommended over BASICAUTH because, in some cases, the browser
     might hold the login data in its cache.
  iii. MAC authentication - Authentication is performed for HTTP and HTTPS clients without a
     login screen. Instead, the MAC address of the connecting client is used as the username.
     The password is the MAC address or a specified string.
     MAC authentication is explained further below.
• If the Agent is set to HTTPS then the Host Certificate and Root Certificate have to be chosen
  from a list of certificates already loaded into NetDefendOS.
MAC Address Authentication with HTTP and HTTPS
As mentioned above, with NetDefendOS it is possible to authenticate an HTTP or HTTPS client
automatically using the MAC address of the connecting client's Ethernet interface. This means that
authentication is based only on the identity of the client hardware.
This is useful if the administrator wants to ensure that access is simple for a particular device and
the user is not going to be required to type in their credentials. The following points should be noted
about this type of authentication:
• The username sent to the authentication source (for example, a RADIUS server) is always the
  MAC address of the client (or the MAC address of an intervening router).
• If the client connects to the firewall via a router, it is the MAC address of the router and not the
  client that is sent to the gateway. If the router MAC address is to be allowed as a substitute for
  the client's MAC address then this must be explicitly enabled with the authentication rule option
  Allow clients behind router to connect.
  NetDefendOS is able to determine that the client is behind a router by checking if the source IP
  address is present in its ARP cache.
• By default, the password sent to the authentication source (for example, a RADIUS server) is
  also the MAC address of the client (or the MAC address of an intervening router). However, the
  password to be used can be explicitly specified as the authentication rule property MAC Auth
  Secret.
• The MAC address is entered as a text string in the database of the authentication source. This
  text string must follow a specific format for the MAC address. The correct format is a series of
8.2.8. HTTP Authentication
Chapter 8. User Authentication
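The MAC authentication rules listed above can be modelled as a small decision function. This is an added example, not NetDefendOS code and not taken from the manual: MacAuthRule, mac_auth_credentials and the sample addresses are hypothetical, and it assumes that a source IP absent from the ARP cache means the client is behind a router.

```python
from dataclasses import dataclass
from typing import Optional, Set, Tuple


@dataclass
class MacAuthRule:
    """Hypothetical model of the two rule properties named in the text."""
    allow_clients_behind_router: bool = False  # "Allow clients behind router to connect"
    mac_auth_secret: Optional[str] = None      # "MAC Auth Secret"


def mac_auth_credentials(rule: MacAuthRule, src_ip: str, frame_src_mac: str,
                         arp_cache: Set[str]) -> Optional[Tuple[str, str]]:
    """Return (username, password) for the authentication source, or None.

    frame_src_mac is the Ethernet source address the firewall sees: the
    client's own MAC when directly attached, the router's MAC otherwise.
    Assumption: a source IP missing from the ARP cache means "behind a router".
    """
    behind_router = src_ip not in arp_cache
    if behind_router and not rule.allow_clients_behind_router:
        return None  # router MAC is not accepted as a substitute
    username = frame_src_mac
    password = rule.mac_auth_secret if rule.mac_auth_secret is not None else username
    return username, password


# Constructed sample data (documentation address ranges, made-up MACs).
# MAC strings are passed through unchanged; the text format required by
# the authentication source is not modelled here.
ARP_CACHE = {"192.0.2.10"}
CLIENT_MAC = "00-00-5E-00-53-0A"
ROUTER_MAC = "00-00-5E-00-53-01"


def demo() -> dict:
    default = MacAuthRule()
    relaxed = MacAuthRule(allow_clients_behind_router=True,
                          mac_auth_secret="constructed-secret")
    return {
        "direct_default": mac_auth_credentials(default, "192.0.2.10", CLIENT_MAC, ARP_CACHE),
        "routed_default": mac_auth_credentials(default, "198.51.100.7", ROUTER_MAC, ARP_CACHE),
        "routed_host_a": mac_auth_credentials(relaxed, "198.51.100.7", ROUTER_MAC, ARP_CACHE),
        "routed_host_b": mac_auth_credentials(relaxed, "198.51.100.8", ROUTER_MAC, ARP_CACHE),
    }


if __name__ == "__main__":
    for case, creds in demo().items():
        print(f"{case}: {creds}")
```

The two hosts behind the router produce identical credentials, so the authentication source cannot tell them apart once the router's MAC address is allowed as a substitute.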