Barracuda Networks SSL VPN

Similar documents
HOB HOB RD VPN. RSA SecurID Ready Implementation Guide. Partner Information. Product Information Partner Name. Last Modified: March 3, 2014 HOB

Dell SonicWALL NSA 3600 vpn v

Barracuda Networks NG Firewall 7.0.0

Cisco Systems, Inc. Catalyst Switches

<Partner Name> RSA SECURID ACCESS Standard Agent Implementation Guide. WALLIX WAB Suite 5.0. <Partner Product>

Cisco Systems, Inc. Wireless LAN Controller

VMware Identity Manager vidm 2.7

RSA SecurID Ready Implementation Guide. Last Modified: March 27, Cisco Systems, Inc.

Cisco Systems, Inc. IOS Router

Cisco Systems, Inc. Aironet Access Point

Citrix Systems, Inc. Web Interface

Avocent DSView 4.5. RSA SecurID Ready Implementation Guide. Partner Information. Last Modified: June 9, Product Information Partner Name

RSA Ready Implementation Guide for

Vanguard Integrity Professionals ez/token

RSA Ready Implementation Guide for. GlobalSCAPE EFT Server 7.3

Apple Computer, Inc. ios

Caradigm Single Sign-On and Context Management RSA Ready Implementation Guide for. Caradigm Single Sign-On and Context Management 6.2.

<Partner Name> RSA SECURID ACCESS. VMware Horizon View Client 6.2. Standard Agent Implementation Guide. <Partner Product>

Infosys Limited Finacle e-banking

SecureW2 Enterprise Client

<Partner Name> <Partner Product> RSA SECURID ACCESS. Pulse Secure Connect Secure 8.3. Standard Agent Client Implementation Guide

Cyber Ark Software Ltd Sensitive Information Management Suite

Rocket Software Strong Authentication Expert

Security Access Manager 7.0

RSA SecurID Ready Implementation Guide. Last Modified: December 13, 2013

<Partner Name> <Partner Product> RSA SECURID ACCESS. VMware Horizon View 7.2 Clients. Standard Agent Client Implementation Guide

SSH Communications Tectia 6.4.5

Microsoft Unified Access Gateway 2010

Attachmate Reflection for Secure IT 8.2 Server for Windows

RSA SecurID Implementation

Pulse Secure Policy Secure

How to Integrate RSA SecurID with the Barracuda Web Application Firewall

RSA SECURID ACCESS PAM Agent Implementation Guide

Microsoft Forefront UAG 2010 SP1 DirectAccess

RSA SecurID Ready Implementation Guide. Last Modified: November 19, 2009

RSA Ready Implementation Guide for. VMware vsphere Management Assistant 6.0

RSA SecurID Ready Implementation Guide

Barron McCann Technology X-Kryptor

How to Configure the RSA Authentication Manager

<Partner Name> <Partner Product> RSA SECURID ACCESS Implementation Guide. PingIdentity PingFederate 8

<Partner Name> <Partner Product> RSA SECURID ACCESS. NetMove SaAT Secure Starter. Standard Agent Client Implementation Guide

RSA Ready Implementation Guide for. Checkpoint Mobile VPN for ios v1.458

Open System Consultants Radiator RADIUS Server

RSA SecurID Ready Implementation Guide

RSA SecurID Ready Implementation Guide

<Partner Name> <Partner Product> RSA SECURID ACCESS Implementation Guide. Pulse Connect Secure 8.x

RSA Ready Implementation Guide for. HelpSystems Safestone DetectIT Security Manager

<Partner Name> <Partner Product> RSA SECURID ACCESS Implementation Guide. CyberArk Enterprise Password Vault

<Partner Name> <Partner Product> RSA SECURID ACCESS Implementation Guide. Cisco Adaptive Security Appliance 9.5(2)

Fischer International Identity Fischer Identity Suite 4.2

<Partner Name> <Partner Product> RSA SECURID ACCESS Implementation Guide. Citrix NetScaler Gateway 12.0

SailPoint IdentityIQ 6.4

Hitachi ID Systems Inc Identity Manager 8.2.6

Remote Access User Guide for Mac OS (Citrix Instructions)

TalariaX sendquick Alert Plus

Barracuda SSL VPN Integration

How to RSA SecureID with Clustered NATIVE

Remote Support Security Provider Integration: RADIUS Server

RSA SecurID Ready with Wireless LAN Controllers and Cisco Secure ACS Configuration Example

QUESTION: 1 An RSA SecurID tokencode is unique for each successful authentication because

RSA Ready Implementation Guide for

Integration Guide. LoginTC

RSA Ready Implementation Guide for

Security Provider Integration RADIUS Server

Vendor: RSA. Exam Code: CASECURID01. Exam Name: RSA SecurID Certified Administrator 8.0 Exam. Version: Demo

Pass4sure CASECURID01.70 Questions

SOFTEL Communications Password Reset and Identity Management Suite

Advantage Cloud Two-Factor Security Process

RSA Ready Implementation Guide for

STRS OHIO F5 Access Client Setup for ChromeBook Systems User Guide

Xceedium Xsuite. Secured by RSA Implementation Guide for 3rd Party PKI Applications. Partner Information. Last Modified: February 10 th, 2014

Security Cooperation Information Portal

RSA Exam 050-v71-CASECURID02 RSA SecurID Certified Administrator 7.1 Exam Version: 6.0 [ Total Questions: 140 ]

External Authentication with Ultra Protect v7.2 SSL VPN Authenticating Users Using SecurAccess Server by SecurEnvoy

Secured by RSA Implementation Guide for Software Token Authenticators

RSA Two Factor Authentication. Feature Description

<Partner Name> <Partner Product> RSA SECURID ACCESS Authenticator Implementation Guide. Check Point SmartEndpoint Security

AT&T Global Smart Messaging Suite

How to Configure Authentication and Access Control (AAA)

Establishing two-factor authentication with Barracuda SSL VPN and HOTPin authentication server from Celestix Networks

External Authentication with Checkpoint R77.20 Authenticating Users Using SecurAccess Server by SecurEnvoy

Authentify SMS Gateway

050-v71x-CSESECURID RSA. RSA SecurID Certified Systems Engineer 7.1x

EOH-SASOL - Setup Sasol Mobile Express (Client)

Two factor authentication for F5 BIG-IP APM

Integration Guide. SecureAuth

Remote Access. Application Viewer User Guide

RSA Authentication Manager 6.1 to 8.0 Migration Guide

<Partner Name> <Partner Product> RSA SECURID ACCESS Authenticator Implementation Guide. Intel Security Drive Encryption 7.1.3

McAfee Endpoint Encryption

Implementation Guide VMWare View 5.1. DualShield. for. VMWare View 5.1. Implementation Guide

Remote Access VPN Setup

MyFloridaNet-2 (MFN-2) Customer Portal/ Password Management/ VPN Reference Guide

Citrix Access Gateway Implementation Guide

Integration Guide. SafeNet Authentication Service (SAS)

Intel Security/McAfee Endpoint Encryption

SSO Plugin. Release notes. J System Solutions. Version 4.0

Astaro Security Gateway UTM

MyFloridaNet-2 (MFN-2) Remote Access VPN Reference Guide

ISA 2006 and OWA 2003 Implementation Guide

Transcription:

RSA SecurID Ready Implementation Guide Partner Information Last Modified: October 24, 2013 Product Information Partner Name Barracuda Networks Web Site https://www.barracuda.com/ Product Name Barracuda Version & Platform 2.4.0.9 Product Description The Barracuda is an integrated hardware and software solution enabling secure, clientless remote access to internal network resources from any Web browser. Designed for remote employees and road warriors, the Barracuda provides comprehensive control over file systems and Web-based applications requiring external access. The Barracuda SSL VPN integrates with third-party authentication mechanisms to control user access levels and to provide Single Sign-On.

Solution Summary The Barracuda can perform authentication to RSA Authentication Manager servers by using the RADIUS protocol. This is done by utilizing a Java based RADIUS client to send authentication requests to the Authentication Manager server and allowing or denying access to the unit based upon a success or failure message returned by the Authentication Manager server. This client also handles RADIUS challenge requests, allowing the Authentication Manager server to communicate and prompt for PIN change requests etc. All that needs to be configured on the Barracuda is an Authentication Scheme which uses the RADIUS module and also to set the RADIUS server specific details such as hostname, shared secret etc. This can be ideal if you already have an RSA Authentication Manager infrastructure in place and you wish to bring the same security to an internet facing product such as an. RSA authentication can be combined with any of the Barracuda s 7 other authentication methods, to create multi factor authentication for even greater security. RSA Authentication Manager supported features Barracuda version 2.4.0.9 RSA SecurID Authentication via Native RSA SecurID Protocol RSA SecurID Authentication via RADIUS Protocol On-Demand Authentication via Native SecurID Protocol On-Demand Authentication via RADIUS Protocol Risk-Based Authentication Risk-Based Authentication with Single Sign-On RSA Authentication Manager Replica Support Secondary RADIUS Server Support RSA SecurID Software Token Automation RSA SecurID SD800 Token Automation RSA SecurID Protection of Administrative Interface Yes Yes Yes Yes - 2 -

Authentication Agent Configuration Authentication Agents are records in the RSA Authentication Manager database that contain information about the systems for which RSA SecurID authentication is provided. All RSA SecurID-enabled systems require corresponding Authentication Agents. Authentication Agents are managed using the RSA Security Console. The following information is required to create an Authentication Agent: Hostname IP Addresses for network interfaces Set the Agent Type to Standard Agent when adding the Authentication Agent. This setting is used by the RSA Authentication Manager to determine how communication with the Barracuda will occur. A RADIUS client that corresponds to the Authentication Agent must be created in the RSA Authentication Manager in order for the Barracuda to communicate with RSA Authentication Manager. RADIUS clients are managed using the RSA Security Console. The following information is required to create a RADIUS client: Hostname IP Addresses for network interfaces RADIUS Secret te: Hostnames within the RSA Authentication Manager / RSA SecurID Appliance must resolve to valid IP addresses on the local network. Please refer to the appropriate RSA documentation for additional information about creating, modifying and managing Authentication Agents and RADIUS clients. - 3 -

Partner Product Configuration Before You Begin This section provides instructions for configuring the Barracuda with RSA SecurID Authentication. This document is not intended to suggest optimum installations or configurations. It is assumed that the reader has both working knowledge of all products involved, and the ability to perform the tasks outlined in this section. Administrators should have access to the product documentation for all products in order to install the required components. All Barracuda components must be installed and working prior to the integration. Perform the necessary tests to confirm that this is true before proceeding. Overview 1. Configure RADIUS settings. Log on to Barracuda as ssladmin, navigate to Access Control > Configuration and scroll down to the RADIUS section. - 4 -

2. Enter appropriate details for the SecurID server such as RADIUS Server, Shared Secret, Authentication Method. te: If you are using Secondary failover servers, it is recommended to decrease the timeout to 10 seconds from the default 30 and decrease the number of retries to 1 also set the Reject Challenge option to. Without this, you will not get prompts to change PINs etc. 3. Create an Authentication Scheme using the RADIUS module. As ssladmin, navigate to Access Control > Authentication Schemes and create a new Authentication Scheme, this must contain at least the RADIUS module, but you may add more if you wish to have multi factor authentication. Assign this to a Policy to provide access to this scheme for your users and click Add. 4. Once created, if you wish this new scheme to be the default, click More... next to its name and move it to the top of the list. - 5 -

5. Next, create a user account to match the RADIUS login name. Navigate to the ACCESS CONTROL tab and select Accounts. Alternatively if you re using an Active Directory or LDAP server, ensure this account exists on that user database. 6. Enter a username and password and click add. You are now ready to test the RADIUS login account. - 6 -

7. To successfully get prompted for SecurID Next Tokencode Mode you will need to increase the number of failed logon attempts. Navigate to Access Control > Security Settings. In the Password Options section, increase the value of Max. logon attempts before lock to at least 5. - 7 -

RSA SecurID Login Screens Login screen: User-defined New PIN: - 8 -

PIN Accepted, wait for change: System-generated New PIN: Next Tokencode: - 9 -

Certification Checklist for RSA Authentication Manager Date Tested: October 24, 2013 Certification Environment Product Name Version Information Operating System RSA Authentication Manager 8.0 Virtual Appliance Barracuda 2.4.0.9 Linux Mandatory Functionality RSA Native Protocol RADIUS Protocol New PIN Mode Force Authentication After New PIN N/A Force Authentication After New PIN System Generated PIN N/A System Generated PIN User Defined (4-8 Alphanumeric) N/A User Defined (4-8 Alphanumeric) User Defined (5-7 Numeric) N/A User Defined (5-7 Numeric) Deny 4 and 8 Digit PIN N/A Deny 4 and 8 Digit PIN Deny Alphanumeric PIN N/A Deny Alphanumeric PIN Deny PIN Reuse N/A Deny PIN Reuse Passcode 16-Digit Passcode N/A 16-Digit Passcode 4-Digit Fixed Passcode N/A 4-Digit Fixed Passcode Next Tokencode Mode Next Tokencode Mode N/A Next Tokencode Mode On-Demand Authentication On-Demand Authentication N/A On-Demand Authentication On-Demand New PIN N/A On-Demand New PIN Load Balancing / Reliability Testing Failover (3-10 Replicas) N/A Failover RSA Authentication Manager N/A RSA Authentication Manager GLS / PAR = Pass = Fail N/A = t Applicable to Integration - 10 -

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback