Administration Guide 63
Configuring Authentication and Authorization
Configuring Authentication without Authorization
The Firebox SSL VPN Gateway can be configured to authenticate users without requiring authorization.
When users are not authorized, the Firebox SSL VPN Gateway does not perform a group authorization
check. The settings from the Default user group are assigned to the user.
To remove authorization requirements from the Firebox SSL VPN Gateway
1. On the Authentication tab, select an authorization realm.
2. On the Authorization tab, in Authorization type, select No authorization.
The Default Realm
The Firebox SSL VPN Gateway has a permanent realm named Default with the following characteristics:
• For a new installation, the Default realm is configured for local authentication.
• The authentication type of the Default realm can be changed.
• The Default realm cannot be removed unless you immediately replace it with a new Default
realm.
• The Default realm is assumed when a user enters only a user name when logging on to the
Firebox SSL VPN Gateway.
When a user logs on to any other realm, the user must log on using realmName\userName. Therefore, if
all of your users are authenticated against one authentication server, configure the Default realm for
that type of authentication so that users do not have to enter a realm name when logging on.
Using a Local User List for Authentication
For a new installation, the Default realm is set to local authentication. This enables users to log on to the
Firebox SSL VPN Gateway without having to enter a realm name.
If some users authenticate only against the local user list on the Firebox SSL VPN Gateway, you can keep
the Default realm set to local authentication. Alternatively, you can create a different realm for local
authentication and use the Default realm for another authentication type, as described in “To remove
and create a Default realm”.
If all users authenticate against authentication servers, you do not need a realm for local authentication.
The Firebox SSL VPN Gateway can check the local user database on the appliance for authentication
information if a user fails to authenticate on another authentication server. For example, if you are using
LDAP and the authentication fails, users can log on using the local user database.
To authenticate using the local user list on the Firebox SSL VPN Gateway
1. On the Authentication tab, open the authentication realm on which you want to configure local authentication.
2. Click the Settings tab.
3. Select Use the local user database on the Firebox SSL VPN Gateway.
4. Click Submit.
Note
This check box is unavailable if the realm is configured for local authentication.
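
The logon behavior described in this section (Default realm selection, local user list fallback, and No authorization), modeled as an added Python example; it is not WatchGuard code and does not reflect the appliance's configuration format. The Realm class, the function names, and the sample users are hypothetical, and the model assumes the group lookup is the same whether the realm's server or the local user list accepted the user.

```python
import hmac
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Tuple

DEFAULT_REALM = DEFAULT_GROUP = "Default"

@dataclass
class Realm:  # hypothetical model of one authentication realm
    authenticate: Callable[[str, str], bool]          # the realm's authentication server
    local_fallback: bool = False                      # "Use the local user database ..." setting
    authorize: Optional[Callable[[str], str]] = None  # None models "No authorization"

def split_logon(logon: str) -> Tuple[str, str]:
    """A bare user name selects the Default realm; otherwise realmName\\userName."""
    realm, sep, user = logon.partition("\\")
    return (realm, user) if sep else (DEFAULT_REALM, logon)

def check_local(local_users: Dict[str, str], user: str, password: str) -> bool:
    stored = local_users.get(user)
    return stored is not None and hmac.compare_digest(stored.encode(), password.encode())

def resolve_logon(logon, password, realms, local_users):
    """Return (realm, user, group, path) for an accepted logon, else None."""
    realm_name, user = split_logon(logon)
    realm = realms.get(realm_name)
    if realm is None or not user:
        return None
    if realm.authenticate(user, password):
        path = "realm"
    elif realm.local_fallback and check_local(local_users, user, password):
        path = "local-fallback"  # the local list accepted what the server refused
    else:
        return None
    # No authorization: no group check is made and the Default group settings apply.
    # Assumption: the group lookup does not depend on which path accepted the user.
    group = realm.authorize(user) if realm.authorize else DEFAULT_GROUP
    return (realm_name, user, group, path)

# Constructed sample data (placeholder credentials, not real accounts).
LOCAL_USERS = {"alice": "local-pw", "svc": "svc-pw"}
LDAP_USERS = {"alice": "ldap-pw"}
ldap_check = lambda user, pw: LDAP_USERS.get(user) == pw
REALMS = {
    "Default": Realm(ldap_check, local_fallback=True, authorize=lambda user: "Staff"),
    "Partners": Realm(ldap_check),  # no local fallback, No authorization
}

if __name__ == "__main__":
    for logon, pw in [("alice", "ldap-pw"), ("alice", "local-pw"), ("Partners\\svc", "svc-pw")]:
        print(logon, "->", resolve_logon(logon, pw, REALMS, LOCAL_USERS))
```

With the fallback enabled, every account in the local user list stays a valid logon path for that realm, so the local list needs the same review as the directory it backs up.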