WatchGuard Technologies SSL VPN User Manual


 
Administration Guide 165
Scenario 1: Configuring LDAP Authentication and Authorization
Creating an LDAP Authentication and Authorization Realm
Creating an LDAP authentication and authorization realm is the second of five procedures the
administrator performs to configure access to the internal network resources in this scenario.
In this scenario, all of the Sales and Engineering users are listed in a corporate LDAP directory.
To authenticate users listed in an LDAP directory, the administrator must create an authentication
realm that supports LDAP authentication.
To authorize users listed in LDAP directory groups to access the internal network resources, the
administrator selects LDAP Authorization as the authorization type of the realm.
Because all of the users authenticate to the LDAP directory, the administrator sets up the Default
authentication realm to support LDAP authentication and authorization.
To set up the Default realm to support LDAP authentication, the administrator first deletes the
existing Default realm and then immediately creates a new Default realm that supports LDAP
authentication. This new realm includes the address, port, and other LDAP directory information
that the Firebox SSL VPN Gateway needs to connect to the LDAP directory server and resolve
searches for names in the directory.
Note
The existing Default realm on the Firebox SSL VPN Gateway is configured for local authentication. By
deleting the existing Default realm and creating a new Default realm for LDAP, the administrator
simplifies the logon process for the end user. Users who authenticate using the Default realm do not
need to enter the realm name as part of their logon credentials. For more information about realms,
authentication, and authorization, see “Configuring Authentication and Authorization” on page 61.
To complete this procedure, the administrator must have available the LDAP directory information
gathered in the procedure “Collecting the LDAP Directory Information” on page 162 in the
previous task.
To delete the existing Default realm and create a new Default realm that supports LDAP
authentication and authorization
1 In the Firebox SSL VPN Gateway Administration Tool, click the Authentication tab.
2 Open the window for the Default realm.
3 On the Action menu, select Remove "Default" realm. A warning message appears.
4 Click Yes.
5 In Realm Name, type Default.
6 Select One Source and click Add.
7 At Select Authentication Type, select LDAP authentication and then click OK.
The new Default realm window opens.
8 In the Authentication tab of the new Default realm window, complete the fields that enable the
Firebox SSL VPN Gateway to access the LDAP server. (Use the information gathered in the procedure
“Collecting the LDAP Directory Information” on page 162 in the previous task to complete these
fields.)
9 Select the Authorization tab.
10 In Authorization type, select LDAP authorization.
11 In the Authorization tab, complete the fields that enable the Firebox SSL VPN Gateway to access
the LDAP server.
12 Click Submit.
For more information about creating realms, see “Creating Additional Realms” on page 66.