A specialized HTTP server runs on the Firebox. To authenticate, clients must connect to the authentication server using a Java-enabled Web browser pointed to:
http://IP address of any Firebox interface:4100/
A Java applet loads a prompt for a username and password that it then passes to the authentication server using a challenge-response protocol. Once successfully authenticated, users minimize the Java applet and browser window and begin using allowed network services.
As long as the Java window remains active (it can be minimized but not closed) and the Firebox does not reboot, users remain authenticated until the session times out. To prevent an account from authenticating, disable the account on the authentication server.
Although the authentication applet is primarily used for outbound traffic, it can be used for inbound traffic as well. Authentication can be used from outside the Firebox as long as you have an account on that Firebox. For example, if you are working at home, you can point your browser to:
http://public IP address of any Firebox interface:4100/
The authentication applet appears and prompts you for your login credentials. This can provide you access through various services such as FTP and Telnet, if you have preconfigured your Firebox to allow this.
Use this procedure to allow remote users to authenticate from the External interface, which gives them access to services through the Firebox.
Related topics:
Defining Firebox Users and Groups for Authentication
Creating Aliases and Implementing Authentication
Copyright
© 1996 - 2003 WatchGuard Technologies, Inc. All rights reserved.