1 Summary. Step by Step Guide to implement SMS authentication to Bluecoat ProxySG


Installation guide for securing the authentication to your Bluecoat ProxySG solution with Nordic Edge One Time Password Server, delivering two-factor authentication via SMS to your mobile phone.

1 Summary

This is the complete installation guide for securing the authentication to your Bluecoat ProxySG solution with Nordic Edge One Time Password Server, delivering two-factor authentication via SMS to your mobile phone. You will be able to test the product with your existing SSL-VPN solution box and your LDAP user database, without making any changes affecting existing users. The guide will also allow you to make the complete installation efficiently, using a maximum of 1 hour.

Nordic Edge provides several methods for delivering one time passwords, like e-mail, tokens, mobile clients, Pledge, prefetch, Yubikey etc. However, in this test we are only going to use SMS.

This is a step-by-step guide covering the entire installation from A to Z. It is based on the scenario that you are running your SSL-VPN solution against Active Directory, and that you install the One Time Password Server on a Windows Server. The One Time Password Server is platform independent and works with all other LDAP user databases, like eDirectory, Sun One, OpenLDAP etc. If you are not running Active Directory or Windows and if you have any questions regarding the slight differences in the installation process, you are most welcome to contact us at support@nordicedge.se and we will take you through the entire process.

Table of Contents

1 Summary
Table of Contents
2 Prerequisites
  Important information regarding communication
3 Getting started
  3.1 Register and download the software
4 Installation
  4.1 Start the installation
  4.2 Installing license
5 Configuring the One Time Password Server
  5.1 Start the OTP Configurator
  5.2 Configure the One Time Password Server
  5.3 Configure RADIUS
  5.4 Configure databases
  5.5 Configure LDAP Host Settings
  5.6 Configure the LDAP database settings
  5.7 Configure search filter
  5.8 Test LDAP Authentication
6 Configure the SSL-VPN client settings
7 Configure Delivery Method
8 Restart the One Time Password Server as Windows Service
9 Add mobile phone number with Microsoft Management Console
10 Configuring the Bluecoat ProxySG
  10.1 Authentication
  10.2 Policy - launch VPM
  10.3 For Admin Authentication create Admin Authentication Layer
  10.4 Create Admin Access for the appropriate access
  10.5 For Web Access, Create Web Authentication Layer
12 Technical questions

Definitions

In this Step by Step guide the Bluecoat ProxySG is referred to as "SSL-VPN Solution".

2 Prerequisites

You will need a server, for example a VMware virtual machine, with Windows Server 2003 or higher installed, with Ethernet in bridge mode. The server must have a static IP address configured and must also be able to reach your DNS servers, your SSL-VPN solution and Active Directory. Since the software is quite small (315 MB) and easy to remove, you can also use any existing server from your network.

Important information regarding communication

The One Time Password Server is software that can be installed on any existing server in your network or DMZ.

- The One Time Password Server must be able to communicate (outbound traffic) with your LDAP or JDBC user database. The default ports for LDAP and Secure LDAP are TCP 389 and 636.
- The SSL-VPN solution must be able to communicate (outbound traffic) with the One Time Password Server via RADIUS, UDP port 1812 or 1645.
- If you want to use the Nordic Edge SMS Gateway, the One Time Password Server must be able to communicate (outbound traffic) with otp.nordicedge.net and otp.nordicedge.se with HTTPS on TCP port 443.

In the following test scenario you will need to communicate with RADIUS port 1812 or 1645 and use the Nordic Edge SMS Gateway.

3 Getting started

3.1 Register and download the software

Go to www.nordicedge.net and click "PRODUCTS" and then "Downloads".

Type in your name and contact details to receive the software.

You will receive a link for downloading the software. A 30-day evaluation license will be sent via e-mail when you download the software. Download the 32 or 64 bit version depending on your platform.

4 Installation

4.1 Start the installation

Start the installation on the server where you want to install the One Time Password Server. Please note that if you are installing on a Windows 2008 Server you need to right click on otp3install.exe in Explorer and click Run as Administrator.

Click Next

Click Next

Click Next

4.2 Installing license

Choose the license.dat you received via e-mail.

Click Next

Click Next

Click Next

Click Install

Click Next

Leave the default on Yes and click Done

Click Done

5 Configuring the One Time Password Server

5.1 Start the OTP Configurator

Start the OTP Configurator by clicking on the left button - Configuration.

5.2 Configure the One Time Password Server

On the Server page you can set the length of the one time password and for how long it should be valid. Default is 5 minutes. You can also set a default country prefix, which means you will not need to set it in the mobile attribute. For more information regarding the optional settings please see the One Time Password Server 3 Administration manual. For now, leave this page as default and go on to the next part, Configure RADIUS.

5.3 Configure RADIUS

Change to the RADIUS tab and configure the RADIUS port you want to use to communicate with your Bluecoat ProxySG server. In this example we are using RADIUS port number 1645.

Click Save config.

5.4 Configure databases

In this setup we are going to use the Microsoft Active Directory LDAP database. Change to the Databases tab and click on the LDAP Database button.

5.5 Configure LDAP Host Settings

For this configuration we will use the Active Directory installed on the same server as the One Time Password Server. We will use the internal IP address (127.0.0.1) as host address. We will use the standard LDAP port 389 to communicate with Active Directory. Admin DN will be the administrator user used to search for user objects in the Active Directory database. For now this user only needs read rights to the user object attributes, but be aware that later you might want to use options like disabling accounts or the Pledge Enrollment concept from the Pledge Mobile Client. In that event the Admin DN needs write rights to modify the disable account attribute and to store OATH keys in an optional user attribute.

Configure your LDAP host settings and click Test. You should now get a message saying "LDAP connection success". Click OK and Save. The next step is to configure the LDAP database settings.

5.6 Configure the LDAP database settings

The Base DN is the search base from where OTPServer will start looking for user objects. Click on the button with three dots at the right side of the Base DN field to browse your LDAP database. Select an Organizational Unit or Organization in Active Directory and click OK.

5.7 Configure search filter

The next step is to configure the search filter that One Time Password Server uses to search for users via the selected object classes and attributes according to the Microsoft Active Directory schema. Click on the Sample button, choose the filter template for MS Active Directory and click OK twice.

5.8 Test LDAP Authentication

Click on the Test LDAP Authentication button and type in the userid of a user you know exists in the directory.

Type in the password.

If the configuration is correct you will see the following success message.

6 Configure the SSL-VPN client settings

Since One Time Password Server is also a RADIUS server, the Cisco ASA 5500 is considered a client to the One Time Password Server. The next step is to configure the settings for this client. In the left pane click on Clients.

Type in a name and IP address for your Bluecoat ProxySG. Type in the RADIUS shared secret. Choose the Active Directory you configured earlier as User Database. Click Save.

7 Configure Delivery Method

The Delivery Methods category is meant for enabling and configuring one or more delivery methods that can be used by the OTP Server to send one-time passwords. One Time Password Server offers various methods like SMS, OATH tokens, Instant Messaging, HTTP and Yubikey. In this example we will use SMS with the Nordic Edge SMS service as the SMS provider.

During the evaluation phase we offer customers the use of our Nordic Edge SMS service free of charge for 30 days from the activation of the Demo Account. In the left pane, click Delivery Methods and then Nordic Edge SMS. In the right pane enable Nordic Edge SMS Gateway. To request a demo account click Request a demo account. Click Yes.

You should now get a success message, and the Username and Password for the Nordic Edge SMS gateway have been filled in automatically. Click OK and Save Config.

8 Restart the One Time Password Server as Windows Service

In the Server panel, click Shutdown.

In Windows Control Panel, open Administrative Tools / Services. Find the NordicEdge OTPServer service, right click on that service and click Start.

9 Add mobile phone number with Microsoft Management Console

Add a mobile phone number to your test user's mobile phone attribute by starting the Microsoft MMC, selecting the test user and entering the mobile phone number into the Mobile attribute.

10 Configuring the Bluecoat ProxySG

10.1 Authentication

Go to Authentication --> New RADIUS Realms and configure as below.

Note: the Timeout value should be set to at least 15 seconds. The checkbox for OTP should be checked.
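To make concrete what the RADIUS shared secret entered in section 6 and used by the RADIUS realm above actually protects, here is an added example (not Nordic Edge or Blue Coat code) of the RFC 2865 PAP exchange between a RADIUS client such as the ProxySG and the OTP server: the client hides the User-Password attribute under the secret, and the server's reply carries a Response Authenticator that the client verifies. The secret, user name, password and Request Authenticator values are constructed for the example.

```python
# Added example (not Nordic Edge or Blue Coat code): RFC 2865 PAP helpers showing
# what the RADIUS shared secret protects. All values used are constructed.
import hashlib
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2
ATTR_USER_NAME, ATTR_USER_PASSWORD = 1, 2

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 5.2: XOR each 16-byte chunk with MD5(secret + previous block)."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out += prev
    return out

def reveal_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Inverse of hide_password, as the OTP server recovers the password."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        out += bytes(a ^ b for a, b in zip(hidden[i:i + 16], key))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def attribute(atype: int, value: bytes) -> bytes:
    return struct.pack("!BB", atype, 2 + len(value)) + value

def build_access_request(ident: int, user: str, password: str, secret: bytes,
                         authenticator: bytes = b"") -> bytes:
    """Access-Request as the RADIUS client (the ProxySG realm) sends it."""
    ra = authenticator or os.urandom(16)  # Request Authenticator, fresh per request
    attrs = (attribute(ATTR_USER_NAME, user.encode())
             + attribute(ATTR_USER_PASSWORD, hide_password(password.encode(), secret, ra)))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + ra + attrs

def build_response(code: int, ident: int, request_authenticator: bytes,
                   secret: bytes, attrs: bytes = b"") -> bytes:
    """Reply as the server builds it: MD5 over header, request authenticator, attrs, secret."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return header + hashlib.md5(header + request_authenticator + attrs + secret).digest() + attrs

def response_valid(reply: bytes, request_authenticator: bytes, secret: bytes) -> bool:
    """Client-side check: a reply forged without the shared secret fails here."""
    length = struct.unpack("!H", reply[2:4])[0]
    expected = hashlib.md5(reply[:4] + request_authenticator + reply[20:length] + secret).digest()
    return reply[4:20] == expected
```

Because the password hiding and the reply check both derive from the shared secret and a per-request authenticator, a weak or reused secret on either side is what exposes the exchange on the path between the ProxySG and the OTP server.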

10.2 Policy - launch VPM

10.3 For Admin Authentication create Admin Authentication Layer

10.4 Create Admin Access for the appropriate access

10.5 For Web Access, Create Web Authentication Layer

Done.