Virtual Private Networking Using SSL Connections
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N
Figure 175.
8. Manage Users, Authentication, and VPN Certificates
This chapter describes how to manage users, authentication, and security certificates for IPSec
VPN and SSL VPN. This chapter contains the following sections:
The Wireless VPN Firewall’s Authentication Process and Options
Configure Authentication Domains, Groups, and Users
Manage Digital Certificates for VPN Connections
The Wireless VPN Firewall's Authentication Process and Options
Users are assigned to a group, and a group is assigned to a domain. Therefore, you should
first create any domains, then groups, then user accounts.
Note: Do not confuse the authentication groups with the LAN groups that are discussed in Manage IPv4 Groups and Hosts (IPv4 LAN Groups) on page 64.
You need to create name and password accounts for all users who need to be able to
connect to the wireless VPN firewall. This includes administrators, guests, and SSL VPN
clients. Accounts for IPSec VPN clients are required only if you have enabled extended
authentication (XAUTH) in your IPSec VPN configuration.
Users connecting to the wireless VPN firewall need to be authenticated before being allowed
to access the wireless VPN firewall or the VPN-protected network. The login screen that is
presented to the user requires three items: a user name, a password, and a domain
selection. The domain determines the authentication method that is used and, for SSL
connections, the portal layout that is presented.
Note: IPSec VPN users always belong to the default domain (geardomain) and are not assigned to groups.
Except in the case of IPSec VPN users, when you create a user account, you need to specify
a group. When you create a group, you need to specify a domain.
The following table summarizes the external authentication protocols and methods that the
wireless VPN firewall supports.
Table 70. External authentication protocols and methods

PAP. Password Authentication Protocol (PAP) is a simple protocol in which the client sends a password in clear text.

CHAP. Challenge Handshake Authentication Protocol (CHAP) executes a three-way handshake in which the client and server trade challenge messages, each responding with a hash of the other's challenge message that is calculated using a shared secret value.

RADIUS. A network-validated PAP or CHAP password-based authentication method that functions with Remote Authentication Dial In User Service (RADIUS).

MIAS. A network-validated PAP or CHAP password-based authentication method that functions with Microsoft Internet Authentication Service (MIAS), which is a component of Microsoft Windows 2003 Server.

WiKID. WiKID Systems is a PAP or CHAP key-based two-factor authentication method that functions with public key cryptography. The client sends an encrypted PIN to the WiKID server and receives a one-time passcode with a short expiration period. The client logs in with the passcode. See Appendix B, Two-Factor Authentication, for more on WiKID authentication.

NT Domain. A network-validated domain-based authentication method that functions with a Microsoft Windows NT Domain authentication server. This authentication method has been superseded by Microsoft Active Directory authentication but is supported to authenticate legacy Windows clients.

Active Directory. A network-validated domain-based authentication method that functions with a Microsoft Active Directory authentication server. Microsoft Active Directory authentication servers support a group and user structure. Because the Active Directory supports a multilevel hierarchy (for example, groups or organizational units), this information can be queried to provide specific group policies or bookmarks based on Active Directory attributes.
Note: A Microsoft Active Directory database uses an LDAP organization schema.

LDAP. A network-validated domain-based authentication method that functions with a Lightweight Directory Access Protocol (LDAP) authentication server. LDAP is a standard for querying and updating a directory. Because LDAP supports a multilevel hierarchy (for example, groups or organizational units), this information can be queried to provide specific group policies or bookmarks based on LDAP attributes.
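As an added example (not from the NETGEAR manual), the following Python models the PAP and CHAP exchanges summarized in Table 70, showing why CHAP keeps the shared secret off the wire and why a captured CHAP response cannot be reused against a later challenge. It assumes the RFC 1994 CHAP response construction (MD5 over identifier, secret and challenge), which the manual does not specify, and uses a constructed shared secret.

```python
"""PAP versus CHAP, modelled after Table 70 (added illustration).
CHAP response construction follows RFC 1994 section 4.1 (assumed; the
manual only says 'a hash ... calculated using a shared secret value')."""
import hashlib
import os
import secrets

SHARED_SECRET = b"constructed-example-secret"  # constructed sample value


def pap_client_message(username, password):
    """PAP: the client sends the password itself; anything on the path sees it."""
    return {"user": username, "password": password}


def pap_server_check(msg, expected_password):
    """PAP server side: direct comparison of the received clear-text password."""
    return secrets.compare_digest(msg["password"], expected_password)


def chap_response(identifier, secret, challenge):
    """RFC 1994: Response = MD5(Identifier || Secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def chap_server_challenge():
    """Handshake step 1: server sends a fresh identifier and random challenge."""
    return secrets.randbelow(256), os.urandom(16)


def chap_client_respond(identifier, challenge, secret):
    """Handshake step 2: client proves it knows the secret without sending it."""
    return chap_response(identifier, secret, challenge)


def chap_server_verify(identifier, challenge, response, secret):
    """Handshake step 3: server recomputes the hash and answers Success/Failure."""
    expected = chap_response(identifier, secret, challenge)
    return secrets.compare_digest(expected, response)


def chap_handshake(client_secret, server_secret=SHARED_SECRET):
    """Run all three steps; only the identifier, challenge and hash cross the wire."""
    ident, chal = chap_server_challenge()
    resp = chap_client_respond(ident, chal, client_secret)
    return chap_server_verify(ident, chal, resp, server_secret)


def replayed_response_rejected(secret=SHARED_SECRET):
    """A response captured from one handshake is useless for a later challenge."""
    ident1, chal1 = chap_server_challenge()
    captured = chap_client_respond(ident1, chal1, secret)
    ident2, chal2 = chap_server_challenge()  # new random challenge
    return not chap_server_verify(ident2, chal2, captured, secret)
```

Note that RADIUS and MIAS in Table 70 carry exactly these PAP or CHAP exchanges; the protection a CHAP domain gives against password disclosure on the path is the property this model demonstrates.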
Configure Authentication Domains, Groups, and Users
This section contains the following subsections:
Configure Domains
Configure Groups
Configure User Accounts
Set User Login Policies
Change Passwords and Other User Settings
Configure Domains
The domain determines the authentication method to be used for associated users. For SSL
connections, the domain also determines the portal layout that is presented, which in turn
determines the network resources to which the associated users have access. The default
domain of the wireless VPN firewall is named geardomain. You cannot delete the default
domain.
Create Domains
To create a domain:
1. Select Users > Domains. The Domains screen displays. (The following figure shows the wireless VPN firewall's default domain, geardomain, and, as an example, other domains in the List of Domains table.)
Figure 176.
The List of Domains table displays the domains with the following fields:
Check box. Allows you to select the domain in the table.
Domain Name. The name of the domain. The name of the default domain (geardomain) to which the default SSL-VPN portal is assigned is appended by an asterisk.
Authentication Type. The authentication method that is assigned to the domain.
Portal Layout Name. The SSL portal layout that is assigned to the domain.
Action. The Edit table button, which provides access to the Edit Domain screen.
2. Under the List of Domains table, click the Add table button. The Add Domain screen displays:
Figure 177.
3. Complete the settings as explained in the following table:

Table 71. Add Domain screen settings

Domain Name. A descriptive (alphanumeric) name of the domain for identification and management purposes.

Authentication Type. From the drop-down list, select the authentication method that the wireless VPN firewall applies:
Local User Database (default). Users are authenticated locally on the wireless VPN firewall. This is the default setting. You do not need to complete any other fields on this screen.
Radius-PAP. RADIUS Password Authentication Protocol (PAP). Complete the following fields:
- Authentication Server
- Authentication Secret