Define Authentication Method elements for external servers

Authentication Method elements represent the types of authentication provided third-party external authentication servers in user properties and IPv4 Access rules.

You can use the following predefined Authentication Method elements without configuring a custom Authentication Method element:

  • Network Policy Server — This Authentication Method for NPS is automatically used for authentication with Microsoft NPS and Active Directory.
  • LDAP Authentication — You can use this Authentication Method in the properties of LDAP Server or Active Directory Server elements that provide simple password authentication against the external LDAP database.

To use other external authentication servers, or to use an Active Directory server for RADIUS-based authentication, you must define custom Authentication Method elements.

Each Authentication Method element can be associated with one or more servers, but each RADIUS Authentication Server or TACACS+ Authentication Server can only be associated with one Authentication Method element. When multiple servers are associated with the same Authentication Method element, the servers are used as alternative servers if the first contacted server does not respond. All servers associated with the same Authentication Method element must contain identical information for each authenticating user. It is not possible for the user to determine which of the alternative servers is contacted.

Authentication Method elements are used in the following configurations:
  • In directory server element properties and in User and User group properties to specify the allowed authentication methods for the users.
  • In the properties of a RADIUS or TACACS+ Authentication Server, or an Active Directory Server to specify the authentication method offered by the server.
  • In the IPv4 Access rules to specify which authentication method users are required to use.

The RADIUS and TACACS+ protocols are generic communications protocols for user authentication. You can use many different types of authentication methods that use the RADIUS and TACACS+ authentication protocols, such as static passwords, one-time passwords, or any other user name/passcode-type authentication schemes.

Firewalls can also use the Internet Authentication Service (IAS) in previous Windows Server versions or the Network Policy Server (NPS) in Windows Server 2008 to authenticate end users. If you use a Windows Server’s IAS/NPS service for authentication, define Active Directory Server elements instead.

  For more details about the product and how to configure features, click Help or press F1.

Steps

  1. Select Configuration, then browse to User Authentication.
  2. Right-click Authentication Methods, then select New Authentication Method.
  3. In the Name field, enter the name, then select the authentication method Type.
  4. Click Add, then select one or more RADIUS or TACACS+ Authentication Servers.
  5. Click OK.

Authentication Method Properties dialog box

Use this dialog box to configure an Authentication Method element for external authentication servers.

Option Definition
Name Enter a unique name for the element.
Type The authentication method type. Select whether you want to use the RADIUS or the TACACS+ protocol.
Authentication Servers Shows the selected RADIUS or TACACS+ Authentication Servers.
Add Opens the Select Element dialog box.
Remove Removes the selected RADIUS or TACACS+ Authentication Server from the Authentication Servers list.
Comment An optional comment for your own reference.