How to Configure Guest Access with the Ticketing System

Similar documents
How to Set Up External CA VPN Certificates

Lab Guide. Barracuda NextGen Firewall F-Series Microsoft Azure - NGF0501

3. In the upper left hand corner, click the Barracuda logo ( ) then click Settings 4. Select the check box for SPoE as default.

Step 3 - How to Configure Basic System Settings

User Inputs for Installation, Reinstallation, and Upgrade

System Setup. Accessing the Administration Interface CHAPTER

Checklist. Version 2.0 October 2015

VMware Horizon View Deployment

How to Configure Authentication and Access Control (AAA)

Load Balancing VMware Workspace Portal/Identity Manager

Example - Configuring a Site-to-Site IPsec VPN Tunnel

How to Configure a Remote Management Tunnel for an F-Series Firewall

Example - Reverse Proxy for Exchange Services

Realms and Identity Policies

How to open ports in the DSL router firmware version 2.xx and above

Web and MAC Authentication

Grandstream Networks, Inc. Captive Portal Authentication via Facebook

Barracuda Networks NG Firewall 7.0.0

Grandstream Networks, Inc. Captive Portal Authentication via Twitter

Configuring 802.1X Settings on the WAP351

SSL VPN Web Portal User Guide

Grandstream Networks, Inc. Captive Portal Authentication via Facebook

Microsoft Exchange Server 2013 and 2016 Deployment

How to Configure a Client-to-Site L2TP/IPsec VPN

MikroWall Hotspot Router and Firewall System

Grandstream Networks, Inc. Captive Portal Authentication via Facebook

Grandstream Networks, Inc. GWN7000 OpenVPN Site-to-Site VPN Guide

Barracuda Firewall Release Notes 6.6.X

Configure and enable syslog streaming for every Barracuda NextGen Firewall F-Series you want to include in the Splunk App.

VMware AirWatch Integration with F5 Guide Enabling secure connections between mobile applications and your backend resources

VII. Corente Services SSL Client

AT&T Cloud Web Security Service

Load Balancing VMware Identity Manager

3) Click the Screen Sharing option and click connect to establish the session

Link Gateway Initial Configuration Manual

Table of Contents. Installing the AD FS Running the PowerShell Script 16. Troubleshooting log in issues 19

The following topics provide more information on user identity. Establishing User Identity Through Passive Authentication

How to Configure a Client-to-Site IPsec IKEv2 VPN

User Input for Installation and Reinstallation

Double-clicking an entry opens a new window with detailed information about the selected VPN tunnel.

D-Link Central WiFiManager Configuration Guide

Using ANM With Virtual Data Centers

User Inputs for Installation

IT Department. Basic WIFI Troubleshooting on ACC SSID. October 2017

Chapter 8. User Authentication

SonicWALL Security Appliances. SonicWALL SSL-VPN 200 Getting Started Guide

Skandocs Installation and Connectivity Guide What you need to know to successfully utilise the Internet connectivity in Skandocs

Intel Small Business Extended Access. Deployment Guide

How to Set Up VPN Certificates

Example - Allowing SIP-based VoIP Traffic

User Identity Sources

Remote Access via Cisco VPN Client

Configuring the SMA 500v Virtual Appliance

On the left hand side of the screen, click on Setup Wizard and go through the Wizard.

VMware Content Gateway to Unified Access Gateway Migration Guide

Hosted Microsoft Exchange Client Setup & Guide Book

A5500 Configuration Guide

Integration Guide. LoginTC

Guide to your CGIAR Network account Self Service tool

Configuration examples for the D-Link NetDefend Firewall series DFL-260/860

CYAN SECURE WEB Installing on Windows

Password Reset PRO INSTALLATION GUIDE

Cisco ISR G2 and Cloud Web Security Troubleshooting Guide

DEPLOYMENT GUIDE DEPLOYING F5 WITH ORACLE ACCESS MANAGER

How to Configure SSL VPN Portal for Forcepoint NGFW TECHNICAL DOCUMENT

Configuring Remote Access using the RDS Gateway

Port Forwarding Setup (NB7)

Barracuda Firewall Release Notes 6.5.x

Managing WCS User Accounts

Security in Confirmit Software - Individual User Settings

Managing External Identity Sources

Troubleshooting Web Authentication on a Wireless LAN Controller (WLC)

Installing and Configuring vcloud Connector

NGF0502 AWS Student Slides

1 About this document System environment Communication between devices and push servers Technical support...

Parallels Remote Application Server

SMART Bridgit 4.1 Installation and System Administrator s Guide

Infoblox Authenticated DHCP

How to Configure a Remote Management Tunnel for Barracuda NG Firewalls

Bomgar PA Integration with ServiceNow

CloudLink SecureVM. Administration Guide. Version 4.0 P/N REV 01

Blue Coat Security First Steps. Solution for Integrating Authentication using IWA BCAAA

SaaSaMe Transport Workload Snapshot Export for. Alibaba Cloud

DEPLOYMENT GUIDE Version 1.1. Deploying the BIG-IP Access Policy Manager with IBM, Oracle, and Microsoft

SSH with Globus Auth

Sophos Mobile Control installation prerequisites form. Product version: 7

Sophos Mobile Control Installation prerequisites form

User Communication Citrix SecureAuth

AirLive RS Security Bandwidth Management. Quick Setup Guide

Cisco Expressway with Jabber Guest

Installation Guide McAfee Firewall Enterprise (Sidewinder ) on Riverbed Services Platform

Managing WCS User Accounts

XenMobile 10 Cluster installation. Here is the task that would be completed in order to implement a XenMobile 10 Cluster.

Release Notes. Release Purpose... 1 Platform Compatibility... 1 Upgrading Information... 1 Browser Support... 2 Known Issues... 3 Resolved Issues...

Advanced Configuration for SAML Authentication

How to Configure Office 365 for Inbound and Outbound Mail

Series 5000 ADSL Modem / Router. Firmware Release Notes

Horizon DaaS Platform 6.1 Service Provider Installation - vcloud

Identity Policies. Identity Policy Overview. Establishing User Identity through Active Authentication

vshield Administration Guide

Transcription:

How to Configure Guest Access with the Ticketing System Set up a login or ticketing system to temporarily grant access to guest users. Ticketing admins assign guest tickets to the users. The user credentials on these tickets are then used by the guest users when prompted to authenticate. Tickets expire after a set period of time chosen by the ticket administrator. Step 1. Create the SSL Certificate and Ticket Admin User Create or upload an SSL certificate for the ticketing interface and create the ticketing admin user. 1. 2. 3. 4. Go to CONFIGURATION > Configuration Tree > Box > Virtual Servers > your virtual server > Assigned Services > Firewall > Forwarding Settings. In the left menu, select Authentication. Click Lock. Import or create the Default HTTPS Private Key and Default HTTPS Certificate. This SSL certificate is also used by inline and offline firewall authentication. If inline authentication is used, the Name of the certificate must be the IP address or an FQDN resolving to the IP address of the Barracuda NextGen Firewall F-Series. This value is used to redirect the client to the authentication daemon. 5. 6. 7. In the left menu, click on Guest Access. (optional) Enter a custom Confirmation text for the ticketing interface. In the Ticketing Administration User section, enter Username and Password for the ticketing admin. You can only create one ticket admin. 8. (optional) Enter Max Days and Max Hours to limit the lifetime of the ticket the ticketing admin is allowed to grant. Enter 0 to remove the limit. 9. Click Send Changes and Activate. Step 2. Create an Access Rule to Access the NextGen Firewall F-Series Admin Ticketing Interface Create an app redirect access rule to access the NextGen Firewall F-Series ticketing system. This interface is used to create tickets for guest users. 1. 2. 3. Go to CONFIGURATION > Configuration Tree > Box > Virtual Servers > your virtual server > Assigned Services > Firewall > Forwarding Rules. Click Lock. Create an App Redirect access rule: Action Select App Redirect. Name E.g., LAN-2-TicketingAdminInterface. Source Select the source network(s) allowed to access the ticketing system. Service Select HTTP+S. 1 / 6

4. Destination Enter the IP address for the admin ticketing interface. You can use any free IP address or an IP address on the Barracuda NextGen Firewall F-Series that does not have a listener on port 80 and 443. Redirection Enter 127.0.0.1:447 Authenticated User Select Any or a user object containing the users allowed to create guest tickets. Click OK. 5. Place the access rule so that it is the first rule to match for HTTP+S traffic to the chosen ticketing system IP address. 6. Click Send Changes and Activate. The admin ticketing interface is now reachable via https://4.4.4.4/lp/cgi-bin/ticketing. (If you used 4.4.4.4 as the destination IP address in the access rule.) 2 / 6

Step 3. Create an Access Rule to Redirect Users to the User Ticketing Login Create an app redirect access rule that redirects the user to the FWauth daemon on port TCP 447 on the Barracuda NextGen Firewall F-Series. FWauth on port 447 displays the ticketing login page. 1. Go to CONFIGURATION > Configuration Tree > Box >Virtual Servers > your virtual server > Assigned Services > Firewall > Forwarding Rules. 2. Click Lock. 3. Create an App Redirect access rule: Action Select App Redirect. Name E.g., LAN-2-TICKETAUTH. Source Select the source network(s). Service Select HTTP+S. Since the user has to use a browser to access the confirmation page, limit the service to HTTP and HTTPS. Destination Select the destination. E.g., Internet. Redirection Enter 127.0.0.1:447 Authenticated User Select Any. 4. Click OK. 3 / 6

5. Place the access rule so that it is the first rule to match for HTTP+S and unauthenticated users for the source network, but after the rule allowing unauthenticated DNS access if the DNS server is not in the local network. 6. Click Send Changes and Activate. Step 4. Create an Access Rule for Redirecting an Authenticated User to the Desired Web Page At this point, a user would still be directed to the ticketing login page even after a successful authentication. In order to pass the user to the desired web page, an access rule must be placed prior to the access rule in Step 3. This access rule passes users to the Internet if they are part of the set of All Authenticated Users. Consequently, the access rule in Step 3 will be evaluated only if the user is not logged in as an authenticated user. 1. Go to CONFIGURATION > Configuration Tree > Box >Virtual Servers > your virtual server > Assigned Services > Firewall > Forwarding Rules. 2. Click Lock. 3. Create a PASS access rule: Action Select PASS. Name E.g., GUEST-2-INTERNET. Source Select the source network(s). E.g., GuestAccess-Lan. Service Select HTTP+S (or any other service that will be granted to the user). Destination Select the destination. E.g., Internet. Connection Method Enter Dynamic NAT. Authenticated User Select All Authenticated Users. 4. Click OK. 4 / 6

5. Place the access rule prior to the access rule from Step 3. 6. Click Send Changes and Activate. Unauthorized users accessing the Internet or restricted network resources from the source network are redirected to the user ticketing login page. After entering the ticketing user and password, they are automatically forwarded to the website they originally wanted to visit. A TKT- user is created and valid for 20 minutes until you need to reauthenticate. Open the Firewall > Users page to see the authenticated users. Next Steps For more information on how to create guest user tickets and use them to login, see How to Manage Guest Tickets - User's Guide. 5 / 6

Figures 6 / 6

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback