Users can authenticate using a compatible VPN client or a web browser.
Before you begin
To use smart cards for authentication, you must have smart card reader hardware and software.
To use certificate files for authentication, you must save the certificates in a location that is accessible from your web browser.
If the users are authenticating for VPN access, they must authenticate using a compatible VPN client.
CAUTION:
If users authenticate over an unsecured connection, use a one-time password scheme to reduce the risk of unauthorized access.
Steps
-
Access the authentication prompt in one of the following ways:
- Follow the instructions for the VPN client about connecting and authenticating to the firewall.
- Enter the IP address and port of the Firewall to open an authentication page in a web browser.
-
To authenticate using a user name and password, enter the user credentials.
If you only enter your user name without specifying the LDAP domain, the Firewall assumes the default LDAP Domain. If your user
account does not belong to the default LDAP Domain, add the LDAP Domain to the user name with an @-character as a separator.
For
example, type “fred@mobileusers” for the user “fred” in the LDAP Domain “mobileusers.”
-
To authenticate using a client certificate, follow these steps.
-
If you have a smart card, insert the smart card into the smart card reader.
-
If there is more than one certificate on the smart card or on your computer, select the certificate to use for
authentication.
-
(Smart card only) Enter then PIN for the smart card if you are prompted to do so.