Create RADIUS or TACACS+ Authentication Server elements
You can authenticate end-user access through Firewalls and administrator’s logons to the SMC against external authentication servers that support either the RADIUS or TACACS+ protocol.
For more details about the product and how to configure features, click Help or press F1.
Steps
Result
RADIUS Authentication Server Properties dialog box
Use this dialog box to define RADIUS Authentication Server properties.
Option | Definition |
---|---|
General tab | |
Name | The name of the element. |
IP Address |
Specifies the server IP address. IPv4 addresses, IPv6 addresses, and fully qualified domain names (FQDNs) are supported. You can enter only one IPv4, IPv6 or FQDN as the IP address. |
Resolve | Automatically resolves the IP address of the server from a domain name in the Name field. |
Location | Specifies the location for the server if there is a NAT device between the server and other SMC components. |
Contact Addresses |
|
Port
(Optional) |
Specifies the port number if the server communicates on a port other than the default port. The predefined Firewall Template allows the engines to connect to the default port. If you change to a custom port, you must add a IPv4 Access rule to allow the traffic. |
Shared Secret | Specifies the secret key for communication with the RADIUS authentication server. By default, passwords and keys are not shown in plain text. To show the password or key, deselect the Hide option. |
Number of Retries | Specifies the number of times Firewalls try to connect to the RADIUS authentication server if the connection fails. |
Timeout | Specifies the time (in seconds) that Firewalls wait for the RADIUS authentication server to reply. |
Category (Optional) |
Includes the element in predefined categories. Click Select to select a category. |
Tools Profile | Adds custom commands to the server right-click menu. Click Select to select a Tools Profile element. |
Comment (Optional) |
A comment for your own reference. |
Option | Definition |
---|---|
Authentication Methods tab | |
Name | Shows the name of the Authentication Method. |
Type |
Shows the authentication type.
|
Comment | Double-click the cell to enter a comment. |
Add | Opens the Select Element dialog box and adds the selected authentication method to the Authentication Methods list. |
Edit | Opens the Properties dialog box for the selected authentication method. |
Remove | Removes the selected authentication method. |
Option | Definition |
---|---|
Secondary IP Addresses tab | |
Secondary IP Addresses |
Specifies any additional device IP addresses. You can enter the additional IP addresses here instead of creating more elements for the other IP addresses. The secondary IP addresses are valid in policies and in routing and antispoofing. |
Add | Adds a row to the table. |
Remove | Removes the selected IP address from the list. |
Option | Definition |
---|---|
Monitoring tab | |
Log Server | The Log Server that monitors the status of the element. |
Status Monitoring | When selected, activates status monitoring for the device. You must also select the Probing Profile that contains the definitions for the monitoring. When you select Status Monitoring, the element is added to the tree in the Dashboard view. |
Probing Profile | Shows the name of the selected Probing Profile. Click Select to select a Probing Profile element. |
Log Reception | Activates syslog reception from this device. You must select the Logging Profile that contains the definitions for converting the syslog entries to SMC log entries. You must also select the Time Zone in which the device is located. By default, the local time zone of the computer you are using is selected. |
Logging Profile | Shows the name of the selected Logging Profile. Click Select to select a Logging Profile element. |
Time Zone | Selects the time zone for the logs. |
Encoding | Selects the character set for log files. |
SNMP Trap Reception | Enables the reception of SNMP traps from the third-party device. |
NetFlow Reception | Enables the reception of NetFlow data from the third-party device. The supported versions are NetFlow v5, NetFlow v9, and IPFIX (NetFlow v10). |
Option | Definition |
---|---|
NAT tab (All optional settings) |
|
Firewall | Shows the selected firewall. |
NAT Type | Shows the NAT translation type: Static or Dynamic. |
Private IP Address | Shows the Private IP Address. |
Public IP Address | Shows the defined Public IP Address. |
Port Filter | Shows the selected Port Filters. |
Comment | An optional comment for your own reference. |
Add NAT Definition | Opens the NAT Definition Properties dialog box. |
Edit NAT Definition | Opens the NAT Definition Properties dialog box for the selected definition. |
Remove NAT Definition | Removes the selected NAT definition from the list. |
TACACS+ Authentication Server Properties dialog box
Use this dialog box to define Terminal Access Controller Access-Control System (TACACS+) Authentication Server properties.
Option | Definition |
---|---|
General tab | |
Name | The name of the element. |
IP Address |
Specifies the server IP address. IPv4 addresses, IPv6 addresses, and fully qualified domain names (FQDNs) are supported. You can enter only one IPv4, IPv6 or FQDN as the IP address. |
Resolve | Automatically resolves the IP address of the server. |
Location | Specifies the location for the server if there is a NAT device between the server and other SMC components. |
Contact Addresses |
|
Port
(Optional) |
Enter the port number if the server communicates on a port other than the default port. The predefined Firewall Template allows the engines to connect to the default port. If you change to a custom port, you must add an IPv4 Access rule to allow the traffic. |
Shared Secret | Enter the secret key for communication with the TACACS+ authentication server. By default, passwords and keys are not shown in plain text. To show the password or key, deselect the Hide option. |
Number of Retries | Enter the number of times Firewalls try to connect to the TACACS+ authentication server if the connection fails. |
Timeout | Enter the time (in seconds) that Firewalls wait for the TACACS+ authentication server to reply. |
Clear Text Replies | Select to enable the Firewall to accept unencrypted replies from the TACACS+ authentication server. |
Accepted by Firewall | Enable if you want the Firewall to accept unencrypted replies. |
Category (Optional) |
Includes the element in predefined categories. Click Select to select a category. |
Tools Profile | Adds custom commands to the server right-click menu. Click Select to select a Tools Profile element. |
Comment (Optional) |
A comment for your own reference. |
Option | Definition |
---|---|
Authentication Methods tab | |
Name | Enter a name for the authentication method. |
Type | Shows the selected authentication type.
|
Comment | Double-click the cell to enter a comment. |
Add | Opens the Select Element dialog box and adds the selected authentication method to the Authentication Methods list. |
Edit | Opens the Properties dialog box for the selected authentication method. |
Remove | Removes the selected authentication method. |
Option | Definition |
---|---|
Secondary IP Addresses tab | |
Secondary IP Addresses |
Specifies any additional device IP addresses. You can enter the additional IP addresses here instead of creating more elements for the other IP addresses. The secondary IP addresses are valid in policies and in routing and antispoofing. |
Add | Adds a row to the table. |
Remove | Removes the selected IP address from the list. |
Option | Definition |
---|---|
Monitoring tab | |
Log Server | The Log Server that monitors the status of the element. |
Status Monitoring | When selected, activates status monitoring for the device. You must also select the Probing Profile that contains the definitions for the monitoring. When you select Status Monitoring, the element is added to the tree in the Dashboard view. |
Probing Profile | Shows the name of the selected Probing Profile. Click Select to select a Probing Profile element. |
Log Reception | Activates syslog reception from this device. You must select the Logging Profile that contains the definitions for converting the syslog entries to SMC log entries. You must also select the Time Zone in which the device is located. By default, the local time zone of the computer you are using is selected. |
Logging Profile | Shows the name of the selected Logging Profile. Click Select to select a Logging Profile element. |
Time Zone | Selects the time zone for the logs. |
Encoding | Selects the character set for log files. |
SNMP Trap Reception | Enables the reception of SNMP traps from the third-party device. |
NetFlow Reception | Enables the reception of NetFlow data from the third-party device. The supported versions are NetFlow v5, NetFlow v9, and IPFIX (NetFlow v10). |
Option | Definition |
---|---|
NAT tab (All optional settings) |
|
Firewall | Shows the selected firewall. |
NAT Type | Shows the NAT translation type: Static or Dynamic. |
Private IP Address | Shows the Private IP Address. |
Public IP Address | Shows the defined Public IP Address. |
Port Filter | Shows the selected Port Filters. |
Comment | An optional comment for your own reference. |
Add NAT Definition | Opens the NAT Definition Properties dialog box. |
Edit NAT Definition | Opens the NAT Definition Properties dialog box for the selected definition. |
Remove NAT Definition | Removes the selected NAT definition from the list. |