Chapter 8: Authentication

Authentication profiles

Authentication refers to the process of checking and verifying credentials of external users before allowing them access to requested resources through the SEG. The resources could be public Internet access from an internal network, access to an internal server from an external user via VPN, or perhaps administrator access to the SEG itself.

The SEG objects that control authentication are Authentication Profiles. Each profile defines a set of parameters for performing authentication. In particular, a profile defines the Authentication Source, which could be an internal SEG database or an external database such as a RADIUS server.

To be useful, authentication profiles must be associated with other objects. For example, an IPsec interface can have a profile associated with it so that roaming clients that connect through the IPsec tunnel trigger the authentication described by the profile.

An authentication profile has the following properties:

• Agent Type
  This is the type of authentication that will be used. The choices are:
  • BASIC: This is the default and indicates standard username/password authentication. For example, the profile associated with the RemoteMgmtSSH object to allow administration SSH access should have this type.
  • EAP: This option is used in I-WLAN scenarios with IKEv2 IPsec tunnels.

• Authentication Source
  The database used for authentication. The choices are:
  • Local user database(s)
  • RADIUS server
  When using multiple sources, there are further options. The choices are:
  • Continue on no response from the source and try the next source in the profile.
  • Continue on failed validation and try validation with the next source in the profile. By default, this option is deactivated.
  • Load balance using round-robin. Each authentication source is used in turn by successive triggers. By default, this option is deactivated.
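
The multiple-source options above decide which database gets the final say on a login. The following is an added example, not SEG code: a small Python model of one profile with two sources. The class, function names and sample accounts are constructed, and the round-robin behaviour (rotating the starting source on each trigger) is an assumption based on the description above.

```python
from itertools import count

# Outcomes a source can return for one credential check (constructed model).
ACCEPT, REJECT, NO_RESPONSE = "accept", "reject", "no-response"

class Profile:
    """Toy model of an authentication profile with several sources."""
    def __init__(self, sources, *, continue_on_no_response,
                 continue_on_failed_validation=False, round_robin=False):
        self.sources = sources                  # ordered list of (name, check_fn)
        self.on_no_response = continue_on_no_response
        self.on_failed = continue_on_failed_validation
        self.round_robin = round_robin
        self._trigger = count()                 # counts authentication triggers

    def authenticate(self, user, password):
        """Return (granted, [(source_name, outcome), ...]) for one trigger."""
        n = len(self.sources)
        # Assumption: round-robin moves the starting source on every trigger.
        start = next(self._trigger) % n if self.round_robin else 0
        trail = []
        for i in range(n):
            name, check = self.sources[(start + i) % n]
            outcome = check(user, password)
            trail.append((name, outcome))
            if outcome == ACCEPT:
                return True, trail
            if outcome == NO_RESPONSE and not self.on_no_response:
                break                           # source silent, no fallback allowed
            if outcome == REJECT and not self.on_failed:
                break                           # a rejection is final
        return False, trail

# Constructed sample sources: 'alice' was removed from RADIUS but her
# old account still exists in the local user database.
def radius(user, password):
    """RADIUS server that only knows 'bob'."""
    return ACCEPT if {"bob": "b0b-pw"}.get(user) == password else REJECT

def radius_down(user, password):
    """RADIUS server that does not answer."""
    return NO_RESPONSE

def local_db(user, password):
    """Local user database holding a stale 'alice' account."""
    accounts = {"alice": "old-pw", "bob": "b0b-pw"}
    return ACCEPT if accounts.get(user) == password else REJECT
```

In this model the stale local account is accepted when "continue on failed validation" is enabled, and also when only "continue on no response" is enabled and the RADIUS source is unreachable, so every source in a profile needs the same account hygiene as the primary one.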