End users can authenticate and re-authenticate using a compatible VPN client or a web browser.
Before you begin
To use smart cards for authentication, you must have smart card reader hardware and software.
To use certificate files for authentication, you must save the certificates in a location that is accessible from your web browser.
If the users are authenticating for VPN access, they must authenticate using a compatible VPN client.
CAUTION:
If users authenticate over an unsecured connection, use a one-time password scheme to reduce the risk of unauthorized access.
Steps
- Access the authentication prompt in one of the following ways:
  - Follow the instructions for the VPN client about connecting and authenticating.
  - Enter the IP address and port of the Firewall to open an authentication page in a web browser.
- To authenticate using a user name and password, enter the user credentials.
  If you enter your user name without specifying the LDAP domain, the default LDAP Domain is used. If your user account does not belong to the default LDAP Domain, add the LDAP Domain to the user name with the @ character as a separator.
  For example, enter fred@mobileusers for the user fred in the LDAP Domain mobileusers.
- To authenticate using a client certificate, do the following.
  - If you have a smart card, insert the smart card into the smart card reader.
  - If there is more than one certificate on the smart card or on your computer, select the certificate to use for authentication.
  - (Smart card only) Enter the PIN for the smart card if you are prompted to do so.
- To re-authenticate the active session, do one of the following.
  - Follow the instructions for the VPN client about re-authenticating.
  - For browser-based re-authentication, click Re-Authenticate on the status page. Depending on the authentication method, enter your password or enter the response to the challenge.