ZyWALL OTP Co-works with Active Directory: Not Only Enhances Password Security but Also Simplifies Account Management




Problem:

The employees of a global enterprise often need to telework. When a sales representative visits a customer site for a product demonstration, or an engineer goes to a customer site for onsite service, they very often need to retrieve information or documents that are available only on the corporate network. The company has implemented Microsoft Active Directory as the directory service to manage the identities and relationships that make up the corporate Local Area Network.

To simplify the user experience and improve working efficiency for employees who frequently need to access corporate network applications while working outside the company, the IT department decided to roll out an SSL VPN remote access service that gives mobile users secured access to corporate network resources. Mobile users sometimes need to access the corporate network remotely from a public computer or from a computer at a customer site. Enhancing user account security therefore became an essential criterion for the remote access service.

A secure password is commonly difficult to remember. Users very often forget their own password and call the IT department to reset it for them. These events heavily increase the workload of the help desk. To simplify user account management and enhance user account password security, the IT department finally decided to employ Active Directory Service in conjunction with OTP (One Time Password) as the SSL VPN authentication method for the mobile application users.

ZyXEL Solution:

How does ZyWALL OTP co-work with Microsoft Active Directory over the SSL VPN application?

1. The user opens a web browser on the remote client PC and connects to the ZyWALL logon page.
2. The ZyWALL logon page comes up and the user enters the logon information: the Microsoft Active Directory domain username, the domain password and the OTP (One Time Password) generated by the ZyWALL OTP hardware token.
3. The client PC sends the user account information to the ZyWALL.
4. The ZyWALL relays the entire logon information to the back-end authentication server (ASAS server).
5. The ASAS server keeps the OTP and forwards the domain username and domain password to the AD server.
6. The AD server verifies the username and the password and returns the authentication result to the ASAS server.
7. If authentication is successful, the ASAS server verifies the OTP; otherwise, it denies the remote access attempt.
8. If OTP verification succeeds, the ASAS server grants access.

Note: There are 3 different ZyWALL OTP operation modes:

Default Mode = (Login SSL VPN) with OTP Pin + OTP
OTP Mode = OTP only
AD Mode = Domain Password + OTP

In the application scenario discussed here, the ZyWALL OTP runs in AD Mode.

To employ Active Directory in conjunction with ZyWALL OTP authentication over the ZyWALL 1050 SSL VPN, there are a few phases to be discussed. The following sections provide detailed configuration instructions for the ZyWALL 1050 / Microsoft Active Directory / ZyWALL OTP ASAS.

Microsoft Active Directory Configuration:
- Create a Microsoft Active Directory user account for remote login over the ZyWALL 1050 SSL VPN

ZyWALL 1050 Configuration:
- Create an External User over the ZyWALL 1050
- Create a SSL VPN Application
- Configure Access Privilege
- Configure AAA Server
- Configure Auth. Method

ZyWALL OTP ASAS Configuration:
- Add a NAS Entry
- Assign the NAS Entry to the newly created user
- Switch the ASAS Operation into AD mode
- Add a LDAP Server by using ASAS web Management Console

Active Directory configuration:
Domain name: cso.net
IP Address: 192.168.1.1

ZyWALL ASAS Server:
IP Address: 192.168.1.35

Active Directory Configuration:

In this section, you will create a new user through the Active Directory Domain Controller for the SSL VPN application.

STEP 1: On the DC (Domain Controller), open the management console from Start > Administrative Tools > Active Directory Users and Computers.

STEP 2: Right-click on the User group name or OU (Organization Unit) name and select New > User.

STEP 3: Fill in the user account details, e.g. First Name, Last Name and logon name. Click Next to enter the user password page.

STEP 4: Enter the AD account password.

STEP 5: Click Finish in order to complete user creation.

ZyWALL 1050 Configuration:

STEP 1: Create an External User over the ZyWALL 1050
Navigate to ZyWALL > Object > User/Group and click Add. Enter the user name (same as the AD user name) and specify the user type as Ext User.

STEP 2: Create an SSL Application
Create a Web Application by navigating to ZyWALL > Object > SSL Application and clicking Add.

STEP 3: Assign the Access Privilege
Navigate to ZyWALL > SSL VPN > Access Privilege. Click Add in order to create a new SSL VPN Access Policy. Name the newly created SSL VPN policy and assign to it the newly created user and the SSL VPN application that user is allowed to access. Click OK to complete the SSL VPN policy configuration.

STEP 4: Configure the RADIUS Server (ASAS Server)
Navigate to ZyWALL > Object > AAA Server > RADIUS and specify the ASAS server IP / Authentication Port / Key. (Note: Key is the Shared Secret value you configure on the ZyWALL OTP ASAS server.)

STEP 5: Configure the Authentication Method
Navigate to ZyWALL > Object > Auth. Method > Edit and add Group Radius.

ASAS Configuration:

STEP 1: Add a NAS Entry
Log on to the ASAS WMC using an ASAS administrator account. Click Server Configuration > NAS Entries > Add NAS Entry. Fill in the table with the information provided by the Active Directory or network administrator and then click Add.

In the Name column, enter a name that represents the domain controller that is going to have two of the Active Directory plug-ins installed. The IP Address is the IP address of the designated domain controller. The Shared Secret is the handshake message between the ASAS and the domain controller. Here, fill it with the string radius, for it is the default radius secret.

STEP 2: Assign the NAS Entry to the newly created user

STEP 3: Manually change the ASAS Operation into AD Mode
Edit the AuthServer.properties file, which is located in c:\program files\Authenex\ASAS\Server\lib. Find the parameter OTP PIN Mode and change its value to ad.

STEP 4: Add a LDAP Server from the ASAS WMC (Web Management Console)
Click Server Configuration > LDAP Servers > Add LDAP Servers in order to create a LDAP server. Fill in the LDAP server table as follows:

Name: MSAD
IP Address: 192.168.1.35 (Known as the Active Directory Server IP Address.)
User Name: cn=administrator,cn=users,dc=cso,dc=net
User Password: Password (Known as the AD administrator password.)
Organization: dc=cso, dc=net

STEP 5: Restart the Authenex RADIUS Server to complete the configuration on ASAS.


Validation:

Once you complete the previous configuration, you can validate it by logging on to the ZyWALL SSL VPN.

Remark:
User name: Active Directory domain username
Password: Active Directory domain password
One time Password: The 6-digit one time password generated by the ZyWALL OTP token

If the authentication is successful, you will see the welcome message from the personal portal.
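
The AD Mode decision sequence described in the ZyXEL Solution section (AD checks the domain password first, then ASAS verifies the OTP it held back) can be modeled as follows. This is an added example, not ZyXEL or Authenex code: the class `AsasModel`, the account `jdoe` and its password are constructed, the directory lookup stands in for the AD server, and RFC 4226 HOTP is an assumed stand-in because the page does not name the token's algorithm.

```python
import hashlib
import hmac
import struct

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    # RFC 4226 HOTP: a stand-in, since the page does not name the token's algorithm.
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def same(a: str, b: str) -> bool:
    # Constant-time comparison so timing does not leak how much matched.
    return hmac.compare_digest(a.encode(), b.encode())

class AsasModel:
    """Hypothetical model of the ASAS decision in AD mode (not vendor code)."""

    def __init__(self, directory, tokens):
        self.directory = directory  # username -> domain password (stands in for AD)
        self.tokens = tokens        # username -> {"secret": bytes, "counter": int}

    def ad_verify(self, user, password):
        stored = self.directory.get(user)
        return stored is not None and same(stored, password)

    def otp_verify(self, user, otp, window=3):
        tok = self.tokens.get(user)
        if tok is None:
            return False
        for c in range(tok["counter"], tok["counter"] + window):
            if same(hotp(tok["secret"], c), otp):
                tok["counter"] = c + 1  # consume it: a replayed OTP no longer matches
                return True
        return False

    def authenticate(self, user, password, otp):
        # Order from the page: AD checks the password first; the OTP that ASAS
        # held back is verified only after AD reports success.
        if not self.ad_verify(user, password):
            return "Access-Reject"
        return "Access-Accept" if self.otp_verify(user, otp) else "Access-Reject"

def demo():
    # Constructed sample account and token seed (the RFC 4226 test secret).
    seed = b"12345678901234567890"
    asas = AsasModel({"jdoe": "Corp-Passw0rd"}, {"jdoe": {"secret": seed, "counter": 0}})
    otp = hotp(seed, 0)
    return [asas.authenticate("jdoe", "wrong-password", otp),  # AD fails, OTP untouched
            asas.authenticate("jdoe", "Corp-Passw0rd", otp),   # both factors pass
            asas.authenticate("jdoe", "Corp-Passw0rd", otp)]   # same OTP replayed
```

Because the OTP is checked only after the password succeeds, a failed password attempt does not consume the current token code, while a captured code is useless once it has been accepted.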