How to Integrate RSA SecurID with the Barracuda Web Application Firewall

Similar documents
How to Configure the RSA Authentication Manager

Barracuda Networks SSL VPN

Barracuda Networks NG Firewall 7.0.0

RSA SecurID Implementation

How to RSA SecureID with Clustered NATIVE

VMware Identity Manager vidm 2.7

RSA Ready Implementation Guide for. GlobalSCAPE EFT Server 7.3

How to Configure Authentication and Access Control (AAA)

RSA Ready Implementation Guide for

RSA SecurID Ready Implementation Guide. Last Modified: March 27, Cisco Systems, Inc.

Pulse Secure Policy Secure

Dell SonicWALL NSA 3600 vpn v

HOB HOB RD VPN. RSA SecurID Ready Implementation Guide. Partner Information. Product Information Partner Name. Last Modified: March 3, 2014 HOB

RSA SecurID Ready Implementation Guide. Last Modified: December 13, 2013

<Partner Name> RSA SECURID ACCESS Standard Agent Implementation Guide. WALLIX WAB Suite 5.0. <Partner Product>

Attachmate Reflection for Secure IT 8.2 Server for Windows

QUESTION: 1 An RSA SecurID tokencode is unique for each successful authentication because

Cisco Systems, Inc. Wireless LAN Controller

Citrix Systems, Inc. Web Interface

Apple Computer, Inc. ios

<Partner Name> <Partner Product> RSA SECURID ACCESS Implementation Guide. Pulse Connect Secure 8.x

Avocent DSView 4.5. RSA SecurID Ready Implementation Guide. Partner Information. Last Modified: June 9, Product Information Partner Name

SailPoint IdentityIQ 6.4

Cisco Systems, Inc. Catalyst Switches

Remote Access User Guide for Mac OS (Citrix Instructions)

RSA SecurID Ready with Wireless LAN Controllers and Cisco Secure ACS Configuration Example

<Partner Name> <Partner Product> RSA SECURID ACCESS. VMware Horizon View 7.2 Clients. Standard Agent Client Implementation Guide

RSA SECURID ACCESS PAM Agent Implementation Guide

<Partner Name> RSA SECURID ACCESS. VMware Horizon View Client 6.2. Standard Agent Implementation Guide. <Partner Product>

RSA SecurID Ready Implementation Guide

Advantage Cloud Two-Factor Security Process

<Partner Name> <Partner Product> RSA SECURID ACCESS. Pulse Secure Connect Secure 8.3. Standard Agent Client Implementation Guide

Cisco Systems, Inc. IOS Router

RSA Exam 050-v71-CASECURID02 RSA SecurID Certified Administrator 7.1 Exam Version: 6.0 [ Total Questions: 140 ]

Cyber Ark Software Ltd Sensitive Information Management Suite

RSA Two Factor Authentication. Feature Description

Security Cooperation Information Portal

Cisco Systems, Inc. Aironet Access Point

Caradigm Single Sign-On and Context Management RSA Ready Implementation Guide for. Caradigm Single Sign-On and Context Management 6.2.

<Partner Name> <Partner Product> RSA SECURID ACCESS. NetMove SaAT Secure Starter. Standard Agent Client Implementation Guide

BEST PRACTICES GUIDE RSA MIGRATION MODULE

Microsoft Unified Access Gateway 2010

SecureW2 Enterprise Client

SSH Communications Tectia 6.4.5

Security Access Manager 7.0

<Partner Name> <Partner Product> RSA SECURID ACCESS Implementation Guide. PingIdentity PingFederate 8

VAM. Radius 2FA Value-Added Module (VAM) Deployment Guide

Open System Consultants Radiator RADIUS Server

RSA SecurID Ready Implementation Guide. Last Modified: November 19, 2009

STRS OHIO F5 Access Client Setup for ChromeBook Systems User Guide

Secured by RSA Implementation Guide for Software Token Authenticators

Remote Access VPN Setup

Hitachi ID Systems Inc Identity Manager 8.2.6

mystanwell.com Accessing using Apple devices Information and Business Systems

<Partner Name> <Partner Product> RSA SECURID ACCESS Implementation Guide. CyberArk Enterprise Password Vault

EOH-SASOL - Setup Sasol Mobile Express (Client)

External Authentication with Windows 2008R2 Server with Remote Desktop Web Gateway Authenticating Users Using SecurAccess Server by SecurEnvoy

RSA SecurID Ready Implementation Guide

4TRESS AAA. Out-of-Band Authentication (SMS) and Juniper Secure Access Integration Handbook. Document Version 2.3 Released May hidglobal.

External Authentication with Checkpoint R77.20 Authenticating Users Using SecurAccess Server by SecurEnvoy

Remote Access. Application Viewer User Guide

RSA Ready Implementation Guide for. VMware vsphere Management Assistant 6.0

HPE IMC UAM 802.1X Access Control and RSA Authentication Configuration Examples

Pass4sure CASECURID01.70 Questions

How to Configure Connection Fallback using Multiple VPN Gateways

RSA Authentication Manager Adapter User Guide

Infosys Limited Finacle e-banking

Remote Support Security Provider Integration: RADIUS Server

RSA Authentication Manager 7.1 Help Desk Administrator s Guide

Barracuda SSL VPN Integration

RSA Ready Implementation Guide for. Checkpoint Mobile VPN for ios v1.458

RSA Ready Implementation Guide for

Vanguard Integrity Professionals ez/token

Data Exchange via ProjektPortal

Implementation Guide for protecting Juniper SSL VPN with BlackShield ID

AT&T Global Smart Messaging Suite

MyFloridaNet-2 (MFN-2) Remote Access VPN Reference Guide

Integration Guide. LoginTC

Configuring Cisco VPN Concentrator to Support Avaya 96xx Phones Issue 1.0. Issue th October 2009 ABSTRACT

<Partner Name> <Partner Product> RSA SECURID ACCESS Authenticator Implementation Guide. Check Point SmartEndpoint Security

Barron McCann Technology X-Kryptor

050-v71x-CSESECURID RSA. RSA SecurID Certified Systems Engineer 7.1x

Vendor: RSA. Exam Code: CASECURID01. Exam Name: RSA SecurID Certified Administrator 8.0 Exam. Version: Demo

MyFloridaNet-2 (MFN-2) Customer Portal/Password Management Reference Guide

<Partner Name> <Partner Product> RSA SECURID ACCESS Implementation Guide. Cisco Adaptive Security Appliance 9.5(2)

4TRESS FT2011 Out-of-Band Authentication and Juniper Secure Access

External Authentication with Ultra Protect v7.2 SSL VPN Authenticating Users Using SecurAccess Server by SecurEnvoy

Technical Note: RSA SecurID /SA Integration

> Nortel Switched Firewall (NSF) SecurID Configuration Guide

<Partner Name> <Partner Product> RSA SECURID ACCESS Implementation Guide. Citrix NetScaler Gateway 12.0

RSA Authentication Manager 7.1 Administrator s Guide

SecurEnvoy Microsoft Server Agent

WatchGuard Firebox and MUVPN. Quick Start Guide. Copyright CRYPTOCard Corporation All Rights Reserved

Configuring RADIUS. Information About RADIUS. RADIUS Network Environments. Send document comments to

Security Provider Integration RADIUS Server

OneLogin Integration User Guide

CITRIX REMOTE PC SKADDEN REMOTE ACCESS PAGE CONNECT TO SKADDEN SYSTEMS REMOTELY LOG ON TO REMOTE DESKTOP DOWNLOAD & INSTALL CITRIX

Microsoft OWA 2007 IIS Integration

Rocket Software Strong Authentication Expert

Microsoft OWA 2013 IIS Integration

Transcription:

How to Integrate RSA SecurID with the Barracuda Web Application Firewall The Barracuda Web Application Firewall can be configured as a RADIUS client to the RSA SecurID Server System, comprised of the RSA Authentication Manager and the Radius Server. Integrating the Barracuda Web Application Firewall with RSA SecurID requires three steps: 3. Configure the RSA Authentication Manager. Configure the Barracuda Web Application Firewall. Verify the Setup and Authentication Process. Configure the RSA Authentication Manager Perform the following settings on the RSA Authentication Manager Server: 3. 4. Configure the RADIUS protocol settings to be used by the Barracuda Web Application Firewall Add the Barracuda Web Application Firewall as an Agent Host within the RSA Authentication Manager's Database Import SecurID Tokens Add Users to the RSA Authentication Manager and Assign Tokens Configure the RADIUS Protocol Settings Before configuring the RADIUS protocol, ensure the RADIUS server is up and running on the RSA Authentication Manager Server System. To check: Go to Start > Programs > RSA Security and select RSA Authentication Manager Control Panel. Select Start & Stop RSA Auth Mgr Services in the tree on the left pane. The Status of RSA RADIUS Server must be Running. If not, click Start RADIUS to bring it up. On the RSA Authentication Manager Server System, go to Start > Programs > RSA Security and select RSA Authentication Manager Host Mode. Select the RADIUS menu, and select Manage RADIUS Server. 3. When the RSA RADIUS window appears, select RADIUS Clients in the tree on the left pane. 4. Click Add. The Add RADIUS Client window appears. 1 / 10

5. 6. Specify values for the following fields: Name Enter the hostname of the Barracuda Web Application Firewall. Description Optional. 3. IP Address Enter the IP address of the Barracuda Web Application Firewall. 4. Shared Secret Type the secret key. You will need to configure the same Shared Secret on the Barracuda Web Application Firewall in ACCESS CONTROL > Authentication Services > RSA SECURID. 5. Make/Model Select Juniper-ERX. Click OK to save your settings. Add the Barracuda Web Application Firewall as an Agent Host 3. On the RSA Authentication Manager Server System, go to Start > Programs > RSA Security and select RSA Authentication Manager Host Mode. Select the Agent Host menu, and select Add Agent Host. The Add Agent Host window appears. Specify values for the following fields: Name: Enter the hostname of the Barracuda Web Application Firewall. Network Address: Enter the IP address of the Barracuda Web Application Firewall. 3. Agent Type: Select RADIUS Server. 4. Encryption Type: Select DES or SDI encryption. 5. Select Open to All Locally Known Users and Requires Name Lock. 4. Click User Activations... to assign users to the Agent host. 2 / 10

5. Click OK. Now, the Barracuda Web Application Firewall is added as an Agent Host on the RSA Authentication Manager. Import SecurID Tokens On the RSA Authentication Manager Server System, go to Start > Programs > RSA Security and select RSA Authentication Manager Host Mode. From the Token menu, select Import Tokens. 3. Navigate to the token XML file provided by RSA and click Open to import the tokens. 4. The Import Status window appears displaying the number of tokens imported. 3 / 10

Add Users to the RSA Authentication Manager and Assign Tokens On the RSA Authentication Manager Server System, go to Start > Programs > RSA Security and select RSA Authentication Manager Host Mode. From the User menu, select Add User. The Add User window appears. Specify values for the following fields: First and Last Name Enter a user's first and last name. Default Login Enter the default username that will be used by the user to log in. 3. Users on the RSA Server can be authenticated in two ways: Token Mode or Passcode Mode(default). In Token Mode, users authenticate using the Tokencode currently generated by the RSA SecurID 4 / 10

authenticator. In Passcode Mode, users authenticate using a Passcode (Personal Identification Number (PIN) followed by the Tokencode). The random unpredictable code generated by the RSA SecurID authenticator at an interval of every 60 seconds is known as Tokencode. The combination of user s PIN (Personal Identification Number) and the Tokencode currently generated by the user s RSA SecurID authenticator is the user s Passcode. A PIN can be generated: 4. 5. If Allowed to Create a PIN or Required to Create a PIN is NOT selected, the system generates the PIN and gives it to the user. If Allowed to Create a PIN is selected, the user may choose to create a PIN or have the system generate the PIN.The user is offered a system generated pin, and if declined, is prompted to enter a PIN. 3. If Required to Create a PIN is selected, the user must enter a PIN and is prompted to do so when logging in. Select Allowed to Create a PIN or Required to Create a PIN as you prefer. Select Assign Token. Click Yes to confirm. The Select Token window appears. To automatically assign a token, select the method by which you want to sort the token using Sorted by in the Auto Select section. Click Unassigned Token, and then click OK. To manually select the token, click Select Token from List. In the Select Token window, select the serial number for the token to assign, and click OK. 6. Give the user the serial number of the assigned token. The RSA Authentication Manager configuration is now complete. 5 / 10

Configure the Barracuda Web Application Firewall 3. Add the RSA SecurID server as an Authentication Service on the Barracuda Web Application Firewall Associate the RSA SecurID Authentication Service with a Service Configure the authorization policy for the service Add the RSA SecurID Server as an Authentication Service On the Barracuda Web Application Firewall web interface, go to ACCESS CONTROL > Authentication Services: Select the RSA SECURID tab, and specify values for the following fields: Realm Name: Enter the realm name. Server IP: Enter the IP address of the RSA Authentication Server. 3. Server Port: Default is 181 If you aren't sure of the port, you can check on the RSA Authentication Manager Server system. Go to Start > Programs > RSA Security. Select RSA Authentication Manager Host Mode. 3. On the Agent Host menu, choose Edit Agent Host to verify the values. 4. Shared Secret: Provide the same Shared Secret you configured on the RSA Authentication Manager in the Configure the RADIUS Protocol Settings steps. 5. Timeout: Enter the time the Barracuda Web Application Firewall waits for a response from the RSA RADIUS Server before retransmitting the packet. 6. Retries: Enter the maximum number of times the Barracuda Web Application Firewall transmits a request packet to the RSA RADIUS server. Click Add to save your settings. Associate the RSA SecurID Authentication Service with a Service On the Barracuda Web Application Firewall web interface, go to the ACCESS CONTROL > Authentication Policies page: Click Edit Authentication next to the service that you want to associate with the RSA SecurID Authentication Service. On the Edit Authentication Policy window: Set Status to On. From the Authentication Service list, select the RSA SecurID authentication service you created in Add the RSA SecurID Server as an Authentication Service. 3. Specify values for other parameters, and click Save. For more information on how to configure an authentication policy, click Help. Configure the Authorization Policy for the Service On the Barracuda Web Application Firewall web interface, go to the ACCESS CONTROL > Authentication Policies page: Click Add Authorization next to the service for which you want to configure the authorization policy. On the Add Authorization Policy window: Policy Name: Enter a name for the authorization policy. Status: Set to On. 3. Specify values for other parameters as required, and click Save. For more information on how to configure an authorization policy, click Help. 4. Click Edit next to the policy in the Authentication Policies section to configure advanced authorization settings. 6 / 10

If you want users to authenticate using a custom login page when they attempt to access a resource protected by RSA SecurID, use the advanced authorization configuration and set Auth Not Done URL to the custom login URL. Authorization using RSA is not possible using the RADIUS protocol when communicating with the RSA SecurID Server. Native authorization can be done through the Barracuda Web Application Firewall in this case. Verify the Setup and Authentication Process Navigate to the restricted URL by entering the IP address into the address bar of your web browser. The default authentication page, or the custom login page for authentication if you configured it on ACCESS CONTROL > Authorization, will be presented. 3. Depending on your configuration, you will be prompted to enter your username and password. If configured in Passcode mode, you will be offered a system generated PIN, or instructed to provide a PIN. 7 / 10

System Generated Pin Screens User Generated Pin Screens 8 / 10

4. To verify your login results, navigate to BASIC > Access Logs on your Barracuda Web Application Firewall and enable the Login column by selecting the Login checkbox under the Detail column. 9 / 10

Figures 10 / 10

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback