Support User Manuals

WatchGuard Technologies SSL VPN Water Heater User Manual

Open as PDF

of 198

Administration Guide 67

Using SafeWord for Authentication

Removing Realms

If you are retiring an authentication server or removing a domain server, you can remove any realm

except for the realm named Default. You can remove the Default realm only if you immediately create a

new realm named Default. For more information, see “Configuring the Default Realm” on page 65.

To remove a realm

1On the Authentication tab, open the realm you want to remove.

2On the Action menu, click Remove realm name realm.

The realm is removed.

Note

If you remove the Default realm and do not immediately replace it as described above, the Firebox SSL

VPN Gateway retains the Default realm that you attempted to remove.

Using SafeWord for Authentication

Configuring Secure Computing SafeWord Authentication

The SafeWord product line provides secure authentication using a token-based passcode. After the

passcode is used, it is immediately invalidated by SafeWord and cannot be used again.

The Firebox SSL VPN Gateway supports SafeWord authentication to the following Secure Computing

products:

•

SafeWord PremierAccess

• SafeWord for Citrix

• SafeWord RemoteAccess

Configuring the Firebox SSL VPN Gateway to authenticate using Secure Computing’s SafeWord products

can be done in several ways:

•

Configure authentication to use a PremierAccess RADIUS server that is installed as part of SafeWord

PremierAccess and allow it to handle authentication.

• Configure authentication to use the SafeWord IAS agent, which is a component of SafeWord

RemoteAccess, SafeWord for WatchGuard, and SafeWord PremierAccess 4.0.

• Install the SafeWord Web Interface Agent to work with the WatchGuard Web Interface. Authentication

does not have to be configured on the Firebox SSL VPN Gateway and can be handled by the

WatchGuard Web Interface. This configuration does not use the PremierAccess RADIUS server or the

SafeWord IAS Agent.

Configuring SafeWord Settings on the Access Gateway

When configuring the SafeWord server, you need the following information:

•

The IP address of the Firebox SSL VPN Gateway. This should be the same as what is configured on the

RADIUS server client configuration.

•

A shared secret. This secret is also configured on the Authentication tab on the Firebox SSL VPN

Gateway.

•

The IP address and port of the SafeWord server.

previous next