Configuring Active Directory Authentication
You can use an Active Directory authentication server to authenticate your users to the Firebox. You must configure both the Firebox® and the Active Directory server.
- From Policy Manager, select Setup > Authentication Servers. Select the Active Directory tab.
- Select the Enable Active Directory Server check box.
- Type the IP address of the primary Active Directory server to which the Firebox sends authentication requests.
- Select the TCP port number for the Firebox to use to connect to the Active Directory server. The default port number is 389.
- Type the Search Base. The standard format for the search base setting is: cn=common name,dc=first part of distinguished server name,dc=any part of the distinguished server name appearing after a "dot". For example, if your user accounts are in an OU (organizational unit) you refer to as "accounts" and your domain name is HQ_main.com, your search base is: "ou=accounts,dc=HQ_main,dc=com". You set a search base to put limits on the directories on the authentication server the Firebox searches in for an authentication match.
- Type the Group String. This is the attribute string that is used to hold user group information on the Active Directory server. If you have not changed your Active Directory schema, the group string is always "memberOf".
- If necessary, change the time-out value. This is the time the Firebox waits for a response from the authentication server.
- Add information for a backup Active Directory Server, if you have one.
- To configure MUVPN users to get authentication information from the Active Directory Server, click the Optional Settings button. You can enter MUVPN client information in the user properties of your Active Directory Server, such as the IP address, subnet mask, or DNS and WINS servers. Then, you can map these fields to the fields that appear in Optional Settings. When the MUVPN user starts a VPN tunnel through the Firebox, the Firebox sets the IP address, subnet mask, or DNS and WINS servers for the user with the information that appears in the Active Directory user properties.
  - IP Attribute String: Type the name of the Active Directory user property field that contains the assigned IP address.
  - Netmask Attribute String: Type the name of the Active Directory user property field that contains the assigned subnet mask.
  - DNS Attribute String: Type the name of the Active Directory user property field that contains the DNS server IP address.
  - WINS Attribute String: Type the name of the Active Directory user property field that contains the WINS server IP address.
  - Lease Time Attribute String: Type the name of the Active Directory user property field that contains the assigned lease time.
  - Idle Timeout Attribute String: Type the name of the Active Directory user property field that contains the assigned idle timeout.
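The Search Base and Group String steps above can be checked offline before you type the values into Policy Manager. The following Python sketch is an added example, not WatchGuard code: it builds a search base from a domain name and OU path, tests whether a user's distinguished name falls inside that search base, and reads group names out of memberOf values. The function names and the sample user and group entries are assumptions made for illustration.

```python
import re

_SPECIAL = re.compile(r'([,+"\\<>;=])')  # characters RFC 4514 requires escaping

def escape_rdn_value(value):
    """Escape one attribute value for use inside a DN (RFC 4514)."""
    out = _SPECIAL.sub(r"\\\1", value)
    if out.endswith(" "):
        out = out[:-1] + "\\ "
    if out.startswith(("#", " ")):
        out = "\\" + out
    return out

def build_search_base(domain, ous=()):
    """Build a search base; `ous` is listed from the outermost OU inward."""
    rdns = ["ou=" + escape_rdn_value(ou) for ou in reversed(ous)]
    rdns += ["dc=" + escape_rdn_value(label) for label in domain.split(".")]
    return ",".join(rdns)

def split_dn(dn):
    """Split a DN into RDNs on commas that are not backslash-escaped."""
    parts, cur, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur, i = cur + dn[i:i + 2], i + 2
        elif dn[i] == ",":
            parts.append(cur.lstrip())
            cur, i = "", i + 1
        else:
            cur, i = cur + dn[i], i + 1
    parts.append(cur.lstrip())
    return parts

def in_search_base(entry_dn, search_base):
    """True if the entry sits below the search base (case-insensitive)."""
    entry = [r.lower() for r in split_dn(entry_dn)]
    base = [r.lower() for r in split_dn(search_base)]
    return len(entry) > len(base) and entry[-len(base):] == base

def group_names(member_of):
    """Return the CN of each group DN in memberOf (hex escapes not decoded)."""
    names = []
    for dn in member_of:
        attr, _, value = split_dn(dn)[0].partition("=")
        if attr.strip().lower() == "cn":
            names.append(re.sub(r"\\(.)", r"\1", value))
    return names

if __name__ == "__main__":
    # Constructed sample, using the domain and OU from the text above.
    base = build_search_base("HQ_main.com", ["accounts"])
    print(base, in_search_base("cn=Jane Doe," + base, base))
```

A user whose distinguished name does not end with the configured search base is outside the part of the directory the Firebox searches, so `in_search_base` returning False for a test account points to a search base that is too narrow.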
Copyright © 1996 - 2005 WatchGuard Technologies, Inc. All rights reserved.