Configure the External Authentication Server

If you create a Mobile VPN user group that authenticates to a third-party server, make sure you create a group on the server that has the same name as the name you added for the Mobile VPN group.

Active Directory — Users must belong to an Active Directory security group with the same name as the group name you configure for Mobile VPN with SSL.

RADIUS, VASCO, or SecurID — Make sure that the RADIUS server sends a Filter-Id attribute (RADIUS attribute 11) when a user successfully authenticates, to tell the Firebox what group the user belongs to. The value for the Filter-Id attribute must match the name of the Mobile VPN group as it appears in the Fireware RADIUS authentication server settings. All Mobile VPN users that authenticate to the server must belong to this group.

AuthPoint — In Fireware v12.7 or higher, you can select AuthPoint as an authentication server in the Mobile VPN with SSL configuration. The group and user names you specify in the Mobile VPN with SSL configuration must match the group and user names that you specify in AuthPoint.

If you configure Mobile VPN with SSL to use more than one authentication server, users who do not use the default authentication server must specify the authentication server or domain as part of the user name. For more information and examples, see Download, Install, and Connect the Mobile VPN with SSL Client.

Related Topics

About Third-Party Authentication Servers

Use Multi-Factor Authentication (MFA) with Mobile VPNs