Using RSA SecurID for Authentication
84 Firebox SSL VPN Gateway
Note: When 0 (zero) is entered as the port, the Access Gateway attempts to automatically detect a port
number for this connection.
8. In Time-out (in seconds), enter the number of seconds within which the authentication attempt
must complete. If the authentication does not complete within this time interval, it fails.
9. Click Submit.
Configuring NTLM Authorization
A Windows NT 4.0 domain controller maintains group accounts. A group account is a collection of
individual user domain accounts (and other accounts).
To configure NTLM authorization, click the Authorization tab in the authentication realm and enter
the address and port that the Firebox SSL VPN Gateway uses to connect to the Windows NT 4.0 domain
controller. You also specify a time-out value within which an authorization attempt to the Windows NT
server must complete.
After a user successfully authenticates, the domain controller returns to the Firebox SSL VPN Gateway a
list of all global groups of which the authenticated user is a member.
The Firebox SSL VPN Gateway then looks for a user group name on the Firebox SSL VPN Gateway that
matches the name of a Windows NT 4.0 global group to which the user belongs. If the Firebox SSL VPN
Gateway finds a match, the user is granted the authorization privileges to the internal networks that are
associated with the user group on the Firebox SSL VPN Gateway.
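The matching step described above, modelled as an added example (not WatchGuard code and not part of the original guide): it resolves which gateway user groups a user's global groups would match and flags names that differ only in case or spacing, which are worth checking before relying on the mapping. The exact, case-sensitive comparison, the name `resolve_access`, and all group names and networks below are assumptions constructed for illustration.

```python
"""Added example: offline model of the NTLM group-matching rule (not product code)."""
from dataclasses import dataclass, field


@dataclass
class AuthzResult:
    matched: dict = field(default_factory=dict)      # gateway group -> networks granted
    near_misses: list = field(default_factory=list)  # (domain group, gateway group) pairs
    unmatched: list = field(default_factory=list)    # domain groups with no gateway group


def _norm(name):
    # Normalisation is used only to detect likely typos, never to grant access.
    return " ".join(name.split()).casefold()


def resolve_access(domain_groups, gateway_groups):
    """domain_groups: global groups the domain controller returned for the user.
    gateway_groups: {user group name on the gateway: [internal networks]}.
    Assumption: the gateway compares group names exactly (case-sensitive)."""
    result = AuthzResult()
    by_norm = {}
    for gw in gateway_groups:
        by_norm.setdefault(_norm(gw), []).append(gw)
    for dg in domain_groups:
        if dg in gateway_groups:
            result.matched[dg] = list(gateway_groups[dg])
            continue
        close = by_norm.get(_norm(dg), [])
        if close:
            result.near_misses.extend((dg, gw) for gw in close)
        else:
            result.unmatched.append(dg)
    return result


# Constructed sample data: gateway user groups and one user's global groups.
GATEWAY_GROUPS = {
    "Engineering": ["10.10.0.0/16"],
    "Finance": ["10.20.5.0/24"],
    "Contractors ": ["10.30.1.0/28"],  # trailing space: a typical data-entry typo
}
USER_GLOBAL_GROUPS = ["Engineering", "finance", "Contractors", "Domain Users"]

if __name__ == "__main__":
    r = resolve_access(USER_GLOBAL_GROUPS, GATEWAY_GROUPS)
    print("granted:", r.matched)
    print("check spelling:", r.near_misses)
    print("no gateway group:", r.unmatched)
```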
To configure NTLM authorization
1. Click the Authentication tab and open the authentication realm for which you want to enable NTLM
authorization.
2. Click the Authorization tab.
3. In Authorization type, select NTLM authorization.
4. In Server IP Address or FQDN, type the FQDN or IP address of the Windows NT 4.0 domain
controller that will perform the NTLM authorization.
5. In Server Port, type the port number.
The default port entry for NTLM authentication connections is 139.
Note: When 0 (zero) is entered as the port, the Firebox SSL VPN Gateway attempts to automatically
detect a port number for this connection.
6. In Timeout (in seconds), enter the number of seconds within which the authorization attempt must
complete before the authentication attempt is abandoned.
7. Click Submit.
Configuring Authentication to use One-Time Passwords
If authentication on the Firebox SSL VPN Gateway is configured to use a one-time password with
RADIUS, such as provided by an RSA SecurID token, the Firebox SSL VPN Gateway attempts to reauthenticate
users using the cached password. This occurs when changes are made to the Firebox SSL VPN
Gateway using the Administration Tool or if the connection between the Secure Access Client and the
Firebox SSL VPN Gateway is interrupted and then restored.