D-Link DFL-2500 User Guide - Page 154
Authentication Agents
17.2. Authentication Components 135

authentication information. When there is more than one firewall in the network and thousands of users are added or removed constantly, the administrator does not have to configure and maintain separate databases of authorized user profiles on each firewall. Instead, the external server can validate the username/password against its central database, which is easily administered.

D-Link firewalls support the use of a RADIUS (Remote Authentication Dial-in User Service) server to offer an external authentication feature. RADIUS is currently the most prevalent standard for remote authentication. As the protocol defines, it uses PPP to transfer the username/password message between the RADIUS client and the server, and hence applies the same authentication schemes as PPP, such as PAP and CHAP. Originally developed for dial-up remote access, RADIUS is now supported by VPN, wireless access points, and other network access types.

A RADIUS client, i.e. the D-Link firewall, sends user credentials and connection parameter information in the form of a RADIUS message to a RADIUS server. The RADIUS server maintains all the user and user group profiles. It authenticates and authorizes the RADIUS client request, and sends back a RADIUS message response. RADIUS authentication messages are sent as UDP messages via UDP port 1812. One or more external servers can be defined in the firewall to improve the availability of the RADIUS system.

To provide security for RADIUS messages, a common shared secret is configured on both the RADIUS client and the server. The shared secret enables basic encryption of the user's password when the RADIUS message is transmitted from the RADIUS client to the server, and is commonly configured as a relatively long text string. It can contain up to 100 characters and is case sensitive.

17.2.3 Authentication Agents

Four different agents built into the firewall can be used to perform username/password authentication. They are:

• HTTP - Authentication via web browsing. Users surf on the firewall and log in either through an HTML form or a 401 Authentication Required dialog.

D-Link Firewalls User's Guide