RSA SecurID Ready Implementation Guide




Partner Information

Last Modified: September 30, 2005

Product Information

Partner Name: Juniper Networks
Web Site: www.juniper.net
Product Name: NetScreen SA
Version & Platform: 5.1R2 (Build 9029)
Product Description: Juniper Networks Netscreen SSL VPNs lead the market with a complete range of SSL VPN appliances, with the form factors and features tailored to meet the needs of companies of all sizes. Netscreen SSL VPNs are based on the Instant Virtual Extranet (IVE) platform, which uses SSL, the security protocol found in all standard Web browsers. The use of SSL eliminates the need for client software deployment, changes to internal servers, and costly ongoing maintenance and desktop support. Juniper Networks SSL VPN appliances combine the overall category benefit of a lower total cost of ownership compared to traditional solutions, with unique end-to-end security features. Dynamic access privilege management adds granular access control for each user and for each resource.
Product Category: Perimeter Devices (Firewalls, VPNs & ID)

Solution Summary

Partner Integration Overview

Authentication Methods Supported: Native RSA SecurID Authentication, and RADIUS
List Library Version Used: 5.2
RSA Authentication Manager Name Locking: Yes
RSA Authentication Manager Replica Support: Full Replica Support
Secondary RADIUS Server Support: Yes (2)
Location of Node Secret on Agent: See appendix for more information
RSA Authentication Agent Host Type: Communication Server
RSA SecurID User Specification: Designated Users, All Users
RSA SecurID Protection of Administrative Users: No
RSA Software Token API Integration: No
Use of Cached Domain Credentials: No

Product Requirements

Partner Product Requirements: Juniper Networks Netscreen SA
Self-contained appliance
Firmware Version: 5.1R2 (Build 9029)

Agent Host Configuration

To facilitate communication between the Juniper Networks NetScreen SA and the RSA Authentication Manager / RSA SecurID Appliance, an Agent Host record must be added to the RSA Authentication Manager local database and RADIUS Server Database (when using RADIUS Authentication Protocol). The Agent Host record identifies the Juniper Networks NetScreen SA within its database and contains information about communication and encryption.

To create the Agent Host record, you will need the following information:

- Hostname
- IP Addresses for all network interfaces
- RADIUS Secret (when using RADIUS Authentication Protocol)

When adding the Agent Host Record, you should configure the Juniper Networks NetScreen SA as a Communications Server. This setting is used by the RSA Authentication Manager to determine how communication with the Juniper Networks NetScreen SA will occur.

Note: Hostnames within the RSA Authentication Manager / RSA SecurID Appliance must resolve to valid IP addresses on the local network.

Please refer to the appropriate RSA Security documentation for additional information about Creating, Modifying and Managing Agent Host records.

Partner Authentication Agent Configuration

Before You Begin

This section provides instructions for integrating the partner's product with RSA SecurID Authentication. This document is not intended to suggest optimum installations or configurations. It is assumed that the reader has both working knowledge of all products involved, and the ability to perform the tasks outlined in this section. Administrators should have access to the product documentation for all products in order to install the required components. All vendor products/components must be installed and working prior to the integration. Perform the necessary tests to confirm that this is true before proceeding.

Documenting the Solution

A. Native RSA SecurID Authentication Support

1. Get the sdconf.rec file from the RSA Authentication Manager and store it on the machine from which you will manage the Juniper Networks Netscreen-SA.
2. Log into the Juniper Networks Netscreen-SA Administrator Console. The administrator console can be reached via a web browser by entering the following URL: https://hostname/admin.

3. In the Administrator Console, choose Signing In - AAA Servers.
4. From the drop-down list, choose ACE Server.

5. Click New Server. The configuration page for Authentication Manager ACE Server appears.
6. Fill in the appropriate information.
   - Name: Enter a name to identify the ACE Server instance. Because users may not readily understand the concept of signing into an authentication server, it is recommended that you use a familiar name that conveys a group to which the user belongs, such as corporate or bostonoffice.
   - Port: Change if needed; the default is 5500.
   - Import new config file: Click the Browse button to browse to the RSA Authentication Manager configuration file (sdconf.rec) saved in Step 1 above.
7. Click Save Changes.
8. Go to Users > Roles and create a role for your RSA SecurID authentication users based on your policies.

9. Go to Users > Authentication.
10. Click New.
11. Enter the appropriate information for this Authentication Realm.
   - Name: Give the Realm a Name.
   - Authentication Server: Select the RSA Authentication Manager definition defined in step 6 above.

12. Click Save Changes.
13. Click New Rule and create a rule.
14. Click the Save Changes button to save your configuration.

After successfully configuring the server, RSA SecurID authentication is enabled on the Juniper Networks Netscreen SA. The server doesn't have to be restarted. Users who are configured to use RSA SecurID authentication can sign in with their username and their RSA SecurID PASSCODE.

B. Authentication Examples

The user will see the following user interface when authenticating against the RSA Authorization Server.

Standard sign-in screen. To access the sign-in screen, enter the Juniper machine's URL in a browser. The machine's URL is https://a.b.c.d where a.b.c.d is the machine IP address. The user enters their username and RSA SecurID PASSCODE and selects the RSA Authorization Manager Server from the drop-down menu. On success, the user enters the Juniper box. On failure, the user is returned to the sign-in page.

New PIN screens. Options for User created or System Generated PIN.

User created PIN. PIN Accepted.

System Generated PIN. Next TOKENCODE Screen.

C. RADIUS Authentication Support

1. Follow the instructions in the RSA Authentication Server Guide to enable RADIUS Support on the RSA Authentication Server.
2. Log into the Juniper Networks Netscreen-SA Administrator Console. The administrator console can be reached via a web browser by entering the following URL: https://hostname/admin.
3. From the main menu, choose Signing In > AAA Servers.
4. Select RADIUS Server from the drop-down menu and click Create.
5. Enter the RADIUS Server IP address, port number, and shared secret.
6. Click Save changes to save the configuration.
7. Go to Users > Roles and create a role for your RSA SecurID Authenticated users based on your policies.

8. Go to Users > Authentication.
9. Click New.
10. Enter the appropriate information for this Authentication Realm.
   - Name: Give the Realm a Name.
   - Authentication Server: Select the RADIUS definition defined in step 5 above.
11. Click Save Changes.

12. Click New Rule and create a rule.
13. Click the Save Changes button to save your configuration.

After successfully configuring the server, RADIUS authentication is enabled. Users who are configured to use RADIUS authentication can sign in with their username and PASSCODES.
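Added example (not part of the Juniper/RSA guide): the shared secret entered in step 5 of section C is what lets a RADIUS client trust the server's replies. This Python code verifies the RFC 2865 Response Authenticator and decodes Accept, Reject and Challenge replies; the function names, the prompt text, the State value and the secret are constructed for illustration, and treating a New PIN prompt as an Access-Challenge is an assumption about the RADIUS server.

```python
import hashlib
import hmac
import struct

CODES = {2: "Access-Accept", 3: "Access-Reject", 11: "Access-Challenge"}
REPLY_MESSAGE, STATE = 18, 24  # attribute types defined in RFC 2865


def response_authenticator(code, ident, attrs, request_auth, secret):
    # RFC 2865: MD5(Code | Identifier | Length | Request Authenticator | Attributes | Secret)
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()


def parse_reply(packet, request_auth, secret):
    """Verify a RADIUS reply against the shared secret, then decode it."""
    if len(packet) < 20:
        raise ValueError("packet shorter than the RADIUS header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise ValueError("bad Length field")
    attrs = packet[20:length]
    expected = response_authenticator(code, ident, attrs, request_auth, secret)
    # Constant-time comparison; a mismatch means a wrong secret or a forged reply.
    if not hmac.compare_digest(packet[4:20], expected):
        raise ValueError("Response Authenticator mismatch")
    reply = {"code": CODES.get(code, "unknown"), "messages": [], "state": None}
    pos = 0
    while pos < len(attrs):
        if pos + 2 > len(attrs) or attrs[pos + 1] < 2 or pos + attrs[pos + 1] > len(attrs):
            raise ValueError("malformed attribute")
        a_type, a_len = attrs[pos], attrs[pos + 1]
        value = attrs[pos + 2:pos + a_len]
        if a_type == REPLY_MESSAGE:
            reply["messages"].append(value.decode("utf-8", "replace"))
        elif a_type == STATE:
            reply["state"] = value  # must be echoed back in the follow-up request
        pos += a_len
    return reply


def sample_challenge(request_auth, secret):
    # Constructed sample: an Access-Challenge with an invented prompt and State value.
    attrs = b""
    for a_type, value in ((REPLY_MESSAGE, b"Enter a new PIN"), (STATE, b"\x01\x02\x03\x04")):
        attrs += bytes([a_type, len(value) + 2]) + value
    auth = response_authenticator(11, 7, attrs, request_auth, secret)
    return struct.pack("!BBH", 11, 7, 20 + len(attrs)) + auth + attrs
```

A reply that fails this check should be discarded rather than shown to the user, since its code and Reply-Message cannot be attributed to the configured server.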

Certification Checklist

Date Tested: September 30, 2005

Certification Environment

Product Name | Version Information | Operating System
RSA Authentication Manager | | Windows 2003 SP1
Juniper Networks NetScreen SA | 5.1R2 (Build 9029) | 5.1R2 (Build 9029)

Mandatory Functionality

RSA Native Protocol | RADIUS Protocol

New PIN Mode
Force Authentication After New PIN | Force Authentication After New PIN
System Generated PIN | System Generated PIN
User Defined (4-8 Alphanumeric) | User Defined (4-8 Alphanumeric)
User Defined (5-7 Numeric) | User Defined (5-7 Numeric)
User Selectable | User Selectable
Deny 4 and 8 Digit PIN | Deny 4 and 8 Digit PIN *
Deny Alphanumeric PIN | Deny Alphanumeric PIN *

PASSCODE
16 Digit PASSCODE | 16 Digit PASSCODE
4 Digit Password | 4 Digit Password

Next Tokencode Mode
Next Tokencode Mode | Next Tokencode Mode

Load Balancing / Reliability Testing
Failover (3-10 Replicas) | Failover *
Name Locking Enabled | Name Locking Enabled
No RSA Authentication Manager | No RSA Authentication Manager

Additional Functionality

RSA Software Token API Functionality
System Generated PIN N/A | System Generated PIN N/A
User Defined (8 Digit Numeric) N/A | User Defined (8 Digit Numeric) N/A
User Selectable N/A | User Selectable N/A
Next Tokencode Mode N/A | Next Tokencode Mode N/A

Domain Credential Functionality
Determine Cached Credential State N/A | Determine Cached Credential State
Set Domain Credential N/A | Set Domain Credential
Retrieve Domain Credential N/A | Retrieve Domain Credential

SWA = Pass = Fail N/A = Non-Available Function

Known Issues

1. PIN rejected: If a user enters an invalid PIN during PIN creation when authenticating via RADIUS, it appears to the end user that their PIN has been accepted when it really has not. In the RSA Authentication Manager Log there will be an error that the new PIN was rejected.
2. Failover: New-PIN and Next Tokencode modes do not work all the time when one of the RADIUS Servers is down.
3. System Generated and User Selectable PIN: System Generated and User Selectable PINs do not work via RADIUS authentication.

Appendix

To delete the Node Secret: In the Administrator Console, choose Signing In > AAA Servers. Then, under the Authentication/Authorization Servers heading, select the name for the RSA Authentication Manager Server. In this guide it was called RSA_AuthManager. Now check the box next to this node and click Delete.