Support User Manuals

WatchGuard Technologies SSL VPN Water Heater User Manual

Open as PDF

of 198

Using SafeWord for Citrix or SafeWord RemoteAccess for Authentication

68 Firebox SSL VPN Gateway

Configure a SafeWord realm to authenticate users. The Firebox SSL VPN Gateway acts as a SafeWord

agent authenticating on behalf of users logged on using Secure Access Client. If a user is not located on

the SafeWord server or fails authentication, the Access Gateway checks the user against the local user

list if Use the local user database on the Access Gateway is selected on the Settings tab.

To use SafeWord as the Default realm, remove the current Default realm and

create a new one as

described in “To remove and create a Default realm”

To configure SafeWord on the Access Gateway

1 In the Administration Tool, click the Authentication tab.

2Under Add an Authentication Realm, in Realm name, type a name.

3 Select One Source and then click Add.

4In Authentication type, select SafeWord authentication and click OK.

5For the Primary SafeWord server Settings, enter the following settings:

•

In IP Address, type the IP address of the SafeWord server.

• In Port, type the port number for the SafeWord RADIUS server. The default is 1812.

This port must match the number you configured on the RADIUS server.

•

In Server Secret, enter a RADIUS shared secret.

6 The shared secret must match what is configured on the RADIUS server.

7 If there is a second SafeWord server, configure the settings in Secondary SafeWord Server

Settings.

To disable Firebox SSL VPN Gateway authentication

On the Global Cluster Policies tab, under Advanced Options, clear Enable Portal Page Authentica-

tion.

SafeWord PremierAccess Authorization

If you are using SafeWord PremierAccess for authentication, you can use the following authorization

types:

•LDAP

• Local user list

•RADIUS

• No authorization

To configure LDAP authorization, see “To configure LDAP authorization” on page 77.

Using SafeWord for Citrix or SafeWord RemoteAccess for

Authentication

Both Safeword for Citrix and SafeWord RemoteAccess use Microsoft’s Internet Authentication Server

(IAS) to provide RADIUS authentication service to the Firebox SSL VPN Gateway. The IAS RADIUS server

receives authentication requests from the Firebox SSL VPN Gateway and sends the user’s credentials to

SafeWord for verification using an installed SafeWord agent for IAS. Multiple instances of IAS (with the

SafeWord agent for IAS) can be deployed for redundancy.

previous next