WatchGuard Technologies SSL VPN Water Heater User Manual


 
Administration Guide 81
Using RSA SecurID for Authentication
8 To create the configuration file for the new or changed Agent Host, go to Agent Host > Generate
Configuration Files.
The file that you generate (sdconf.rec) is what you will upload to the Firebox SSL VPN Gateway, as described in the
next procedure.
Enable RSA SecurID authentication for the Firebox SSL VPN Gateway
You can use the following authorization types with RSA SecurID authentication:
• RSA authorization
• Local authorization
• LDAP authorization
• No authorization
To enable RSA SecurID authentication
1 Click the Authentication tab.
2 In Realm Name, type a name to identify the RSA ACE/Server. Realm names are case-sensitive and
can contain spaces.
3 Select One Source and click Add.
Note
If you want the Default realm to use RSA authentication, remove the Default realm as described in
“Changing the Authentication Type of the Default Realm” on page 65.
4 In the Select Authentication Type dialog box, in Authentication Type, select RSA SecurID
Authentication.
5 Click OK.
A dialog box for the authentication realm opens.
6 To upload the sdconf.rec file that you generated in the previous procedure, on the Authentication
tab, click Upload sdconf.rec file and use the dialog box to locate and upload the file.
The sdconf.rec file is typically written to ace\data\config_files and to windows\system32.
Note
If an invalid sdconf.rec file is uploaded to the Firebox SSL VPN Gateway, it might cause the Firebox SSL
VPN Gateway to send out messages to non-existent IP addresses. This might be flagged in a network
monitor as network spamming.
The file status message indicates whether or not an sdconf.rec file was uploaded. If one was
uploaded and you need to replace it, click Upload sdconf.rec file and use the dialog box to
locate and upload the file.
The first time that a client is successfully authenticated, the
RSA ACE/Server writes some configuration files to the Firebox SSL VPN Gateway. If you
subsequently change the IP address of the Firebox SSL VPN Gateway, click Remove ACE
Configuration Files, restart when prompted, and then upload a new sdconf.rec file.
7 To use LDAP for authorization, click the Authorization tab and complete the settings.
For more information about LDAP settings, see “Using LDAP Servers for Authentication and Authorization” on
page 73. To look up LDAP server settings, see “Determining Attributes in your LDAP Directory” on page 78.
8 Click Submit.