Filter
Top Products
Administration Guide 71
Using RADIUS Servers for Authentication and Authorization
18 In the Add Attributes dialog box, select Vendor-Specific and click Add.
19 In the Vendor-Specific Attribute Information dialog box, choose Select from list and accept the
default RADIUS=Standard.
The Firebox SSL VPN Gateway needs the Vendor-Specific Attribute to match the users defined in the group on the
server with those on the Firebox SSL VPN Gateway.
This is done by sending the Vendor-Specific Attributes to the Firebox SSL VPN Gateway
20 The RADIUS default is 0. When configuring RADIUS authorization on the Firebox SSL VPN Gateway,
in the field Vendor Code, use this default number.
21 Click Yes. It conforms and then click Configure Attribute.
22 Under Vendor-assigned attribute number, type 0.
This is the assigned number for the User Group attribute. The attribute is in string format. The default is 0.
23 In Attribute format, select String.
24 In Attribute value, type the attribute name and the groups.
For the Firebox SSL VPN Gateway, the attribute value is CTXSUserGroups=
groupname
. If two groups are defined,
such as sales and finance, the attribute value is CTXSUserGroups=sales;finance. Separate each group with a
semicolon.
25 Click OK.
26 In the Edit Dial-in Profile dialog box, remove all the other entries, leaving the one that says
Vendor-Specific.
27 Click OK.
When you are finished configuring the Remote Access Policy in IAS, go to the Firebox SSL VPN Gateway
and configure the RADIUS authentication and authorization.