User authentication configuration overview

Authentication methods define the authentication method used by particular users and user groups.

The following illustration shows how user authentication elements are configured.

Figure: Elements in the configuration



1
User
2
Authentication Method
3
Active Directory Server, LDAP Server, RADIUS Authentication Server, or TACACS+ Authentication Server
4
Firewall Policy
5
User Group

External RADIUS or TACACS+ authentication servers are configured as RADIUS Authentication Server or TACACS+ Authentication Server elements. RADIUS or TACACS+ authentication servers can be located in any network that allows them to communicate with the firewall that has an authentication rule in its policy. Authentication Method elements are associated with authentication servers to define the allowed authentication methods for the server, or the servers that use a particular authentication method.

Authentication Method elements define the allowed authentication methods for IPv4 Access rules and for the Users and User Groups. Both User and User Group elements can be used in IPv4 Access rules to define rules that only match connections from specific, successfully authenticated users. A specific Authentication Method definition is needed in each IPv4 Access rule especially when the Users and User Groups have several allowed Authentication Methods. Otherwise, the rules can allow any defined Authentication Method that is allowed for the included users.

Follow these general steps to configure user authentication:
  1. (Optional) Create server elements and Authentication Method elements for external authentication services.
  2. Add an authentication requirement to the relevant IPv4 Access rules.
  3. (Stonesoft VPN Client authentication) Install the Stonesoft VPN Client software on the users’ computers. See the Stonesoft VPN Client documentation for more information.
  4. (Browser-based Authentication) Configure the authentication prompt:
    • Enable users to authenticate using a browser-based authentication prompt.
    • Customize the authentication prompt.