1. Home
    2. /
  2. Manuals
    3. /
  3. NETGEAR
    4. /
  4. FVS336Gv3
    5. /
  5. 24
Page 116 / 203 Scroll up to view Page 111 - 115
Chapter 7:
Managing Users, Authentication, and Certificates
|
116
Managing Users, Authentication, and
Certificates
7
This chapter contains the following sections:
Adding Authentication Domains, Groups, and Users
” on this page.
“Managing Certificates”
on page 124.
Adding Authentication Domains, Groups, and Users
You must create name and password accounts for all users who will connect to the VPN
firewall. This includes administrators and SSL VPN clients. Accounts for IPsec VPN clients
are only needed if you have enabled Extended Authentication (XAUTH) in your IPsec VPN
configuration.
Users connecting to the VPN firewall must be authenticated before being allowed to access
the VPN firewall or the VPN-protected network. The login window presented to the user
requires three items: a user name, a password, and a domain selection. The Domain
determines the authentication method to be used and, for SSL VPN connections, the portal
layout that will be presented.
Note:
IPsec VPN users will always belong to the default domain
(geardomain) and are not assigned to groups.
Except in the case of IPsec VPN users, when you create a user account, you must specify a
group. When you create a group, you must specify a domain. Therefore, you should create
any needed domains first, then groups, then user accounts.
Page 117 / 203
Chapter 7:
Managing Users, Authentication, and Certificates
|
117
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336Gv2 Reference Manual
Creating a Domain
The domain determines the authentication method to be used for associated users. For SSL
VPN connections, the domain also determines the portal layout that will be presented, which
in turn determines the network resources to which the associated users will have access.
The default domain of the network storage is named geardomain. You cannot delete the
default domain.
The following table summarizes the authentication protocols and methods that the network
storage supports.
Table 7-8.
Authentication Protocols and Methods
Authentication
Protocol or Method
Description (or Subfield and Description)
PAP
Password Authentication Protocol (PAP) is a simple protocol in which the client
sends a password in clear text.
CHAP
Challenge Handshake Authentication Protocol (CHAP) executes a three-way
handshake in which the client and server trade challenge messages, each
responding with a hash of the other’s challenge message that is calculated using a
shared secret value.
RADIUS
A network-validated PAP or CHAP password-based authentication method that
functions with Remote Authentication Dial In User Service (RADIUS).
MIAS
A network-validated PAP or CHAP password-based authentication method that
functions with Microsoft Internet Authentication Service (MIAS), which is a
component of Microsoft Windows 2003 Server.
WiKID
WiKID Systems is a PAP or CHAP key-based two-factor authentication method that
functions with public key cryptography. The client sends an encrypted PIN to the
WiKID server and receives a one-time pass code with a short expiration period. The
client logs in with the pass code. See Appendix C,
“Two Factor Authentication"
” for
more on WiKID authentication.
NT Domain
A network-validated domain-based authentication method that functions with a
Microsoft Windows NT Domain authentication server. This authentication method
has been superseded by Microsoft Active Directory authentication but is supported to
authenticate legacy Windows clients.
Active Directory
A network-validated domain-based authentication method that functions with a
Microsoft Active Directory authentication server. Microsoft Active Directory
authentication servers support a group and user structure. Because the Active
Directory supports a multilevel hierarchy (for example, groups or organizational
units), this information can be queried to provide specific group policies or
bookmarks based on Active Directory attributes.
Note
: A Microsoft Active Directory database uses an LDAP organization schema.
LDAP
A network-validated domain-based authentication method that functions with a
Lightweight Directory Access Protocol (LDAP) authentication server. LDAP is a
standard for querying and updating a directory. Because LDAP supports a multilevel
hierarchy (for example, groups or organizational units), this information can be
queried to provide specific group policies or bookmarks based on LDAP attributes.
Page 118 / 203
118
|
Chapter 7:
Managing Users, Authentication, and Certificates
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336Gv2 Reference Manual
To create a domain:
1.
Select Users > Domains from the menu. The Domains screen is displayed.
2.
Click
Add
. The Add Domain screen is displayed.
3.
Configure the following fields:
a.
Enter a descriptive name for the domain in the
Domain Name
field.
b.
Select the
Authentication Type
.
The required fields are activated in varying combinations according to your selection of
Authentication Type:
Table 7-9.
Authentication Type and Corresponding Required Fields
Authentication Type
Required Authentication Information Fields
Local User Database
None
Radius-PAP
Authentication Server, Authentication Secret
Radius-CHAP
Authentication Server, Authentication Secret
Page 119 / 203
Chapter 7:
Managing Users, Authentication, and Certificates
|
119
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336Gv2 Reference Manual
c.
From the
Select Portal
drop-down list, select a portal with which this domain will be
associated.
4.
Click
Apply
to save and apply your entries. The Domain screen displays a new domain
row.
5.
If you use local authentication, make sure that it is not disabled: select the
Yes
radio
button in the Local Authentication section of the Domain screen (see ).
WARNING!
If you disable local authentication, make sure that there is at least
one external administrative user otherwise access to the network
storage is blocked.
6.
If you change local authentication, click
Apply
in the Domain screen to save your
settings.
Creating a Group
The use of groups simplifies the configuration of VPN policies when different sets of users will
have different restrictions and access controls.
Note:
Groups that are defined in the User screen are used for setting SSL
VPN policies. These groups should not be confused with LAN
Groups that are defined in the Network Configuration | LAN Settings
| LAN Groups tab, which are used to simplify firewall policies.
Radius-MSCHAP
Authentication Server, Authentication Secret
Radius-MSCHAPv2
Authentication Server, Authentication Secret
WIKID-PAP
Authentication Server, Authentication Secret
WIKID-CHAP
Authentication Server, Authentication Secret
MIAS-PAP
Authentication Server, Authentication Secret
MIAS-CHAP
Authentication Server, Authentication Secret
NT Domain
Authentication Server, Workgroup
Active Directory
Authentication Server, Active Directory Domain
LDAP
Authentication Server, LDAP Base DN
Table 7-9.
Authentication Type and Corresponding Required Fields
(Continued)
Authentication Type
Required Authentication Information Fields
Page 120 / 203
120
|
Chapter 7:
Managing Users, Authentication, and Certificates
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336Gv2 Reference Manual
To create a group:
1.
Select Users > Groups from the menu. The Groups screen is displayed.
2.
Configure the new group settings in the Add New Group section of the screen:
a.
Name
. Enter a descriptive name for the group.
b. Domain
. Select the appropriate domain (only for Administrator or SSL VPN User).
c. Timeout
. For an Administrator, this is the period at which an idle user will be
automatically logged out of the Web Configuration Manager
3.
Click
Add
.
The new group appears in the
List of Groups
table, ready for use in user account setup.
Creating a New User Account
To add individual user accounts:
1.
Select
Users > Users from the menu.

Rate

4 / 5 based on 1 vote.

Popular NETGEAR Models

Famous Router IPs
Famous Router Companies
Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top