Borderware MXtreme. Secure Email Gateway QuickStart Guide. Copyright 2005 CRYPTOCard Corporation All Rights Reserved




Borderware MXtreme Secure Email Gateway QuickStart Guide Copyright 2005 CRYPTOCard Corporation All Rights Reserved http://www.cryptocard.com

Overview

MXtreme is a hardened appliance with a highly robust mail transfer agent (MTA) and email gateway that prevents email-borne threats from entering the network while protecting against spam and viruses. It also provides content and policy control with the industry's most comprehensive audit and reporting tools. Typically deployed in the DMZ or in parallel to the corporate firewall, MXtreme brokers all inbound and outbound mail traffic for comprehensive email transaction management.

Directory authentication allows users to be authenticated without having a local MXtreme account. When an unknown user logs in, MXtreme sends the UserID and password to the specified RADIUS or LDAP server. If the user is authenticated, MXtreme logs them in and provides access to the specified server or servers. RADIUS and LDAP are widely supported, and provide a convenient way of providing access to internal mail servers or web mail servers such as Outlook Web Access. Users who log in locally to an Exchange server based on an Active Directory identity can use the same identity for Outlook Web Access through MXtreme's Secure WebMail service.

Note: If both RADIUS and LDAP services are defined, the system will try to authenticate via RADIUS first, and then LDAP if the RADIUS authentication fails. If using CRYPTO-Server with LDAP and RADIUS, CRYPTO-Server will first verify the userid against LDAP, then perform the authentication. In this mode failover to LDAP authentication is not recommended.

1. End-User responds to the MXtreme logon prompt by entering their logon name and CRYPTOCard generated One-time Password (OTP).
2. MXtreme passes the authentication request via RADIUS to CRYPTO-Server. CRYPTO-Server authenticates the End-user and passes a RADIUS accept message back.
3. MXtreme allows access to mail services on receipt of the RADIUS accept message.

3rd Party Integration: Borderware Secure Email Gateway Quickstart Guide

Configuring RADIUS Authentication

Select User Mailboxes / Directory Users from the menu to configure RADIUS authentication.

Server: Enter the FQDN or IP address of the RADIUS server.

Shared Secret: Enter the shared secret for the RADIUS server. A shared secret is a text string that acts as a password between a RADIUS server and client. Choose a secure shared secret of at least 8 characters in length, and include a mixture of upper and lowercase alphabetic characters, numbers, and special characters such as the @ symbol.

Timeout: Enter a timeout value to contact the RADIUS server.

Retry: Enter the retry interval to contact the RADIUS server.

The servers listed in the Accessible Servers option are configured via User Mailboxes / Secure WebMail. See the Secure WebMail and BorderPost section of the MXtreme manual for more detailed information on configuring Secure WebMail.

Note: When you add a RADIUS server, the administrator of the RADIUS server must also list this MXtreme Mail Firewall as a client using the same shared secret. All listed RADIUS servers must contain the same users and credentials.

Configure the CRYPTO-Server

If you wish to use the CRYPTO-Server as your RADIUS server, you must verify that the Protocol Server is configured to accept RADIUS communications.

Connect to the CRYPTO-Server using the Console, and choose Server -> System Configuration & Status from the menu. In the Entity column choose RadiusProtocol. Next look at the Value corresponding to the key NAS.2. The data in this value field defines which RADIUS clients are allowed to connect to the CRYPTO-Server, and the shared secret they must use.

RadiusProtocol NAS.# keys

By default, the CRYPTO-Server is configured to listen for RADIUS requests over UDP port 1812, from any host on the same subnet, using a shared secret of testing123. You can manually define as many RADIUS clients as desired by adding NAS.# entries to the CRYPTO-Server configuration. The syntax of the data for a NAS entry is as follows:

    <First IP>, <Last IP>, <Hostname>, <Shared Secret>, <Perform Reverse Lookup?>, <Authentication Protocols>

Where:

<First IP>: The first IP address of the RADIUS client(s) configured in this NAS.# key.

<Last IP>: The last IP address of the RADIUS client(s) configured in this NAS.# key. If only one IP address is defined by a NAS.# key, the <First IP> and <Last IP> will be the same.

<Hostname>: Only applies in cases where the NAS.# key is for one host. Required for performing reverse lookup.

<Shared Secret>: A string used to encrypt the password being sent between the CRYPTO-Server and the RADIUS client (i.e. the Check Point VPN/Firewall). You will need to enter the exact same string into the Check Point configuration in Section 3. The <Shared Secret> string can be any combination of numbers and uppercase and lowercase letters.

<Perform Reverse Lookup?>: An added security feature of the CRYPTO-Server is its ability to verify the authenticity of a RADIUS client by cross-checking its IP address with the Domain Name Server. If this value is set to true, when the CRYPTO-Server receives a RADIUS request from the RADIUS client defined by this NAS.# entry, it sends a request to the DNS using the hostname set in the NAS.# entry. The DNS should respond with the same IP address as configured in the NAS.# entry; otherwise the CRYPTO-Server assumes that the RADIUS packet is coming from some other host posing as the RADIUS client (also known as a man in the middle attack), and ignores the request completely.

<Authentication Protocols>: Many different authentication protocols can be used during RADIUS authentication. Common examples are PAP, CHAP, MS-CHAP and EAP. This setting determines which authentication protocols the CRYPTO-Server will allow from a given RADIUS client. Currently PAP and CHAP are the only available authentication protocols for RADIUS clients.

NOTE: After changing or adding a NAS.# entry, click the Apply button.

Verifying the CRYPTO-Server RADIUS Protocol Settings

The RADIUSProtocol.dbg log on the CRYPTO-Server will include information about its RADIUS configuration. Each time the Protocol Server starts, the following information is logged:

    Adding IP range 127.0.0.1 to 127.0.0.1 to ACL with reverse lookup set to false
    Adding IP range 192.168.21.1 to 192.168.21.254 to ACL with reverse lookup set to false
    RADIUS protocol has established link with EJB server at jnp://192.168.21.5:1099
    RADIUS Receiver Started: listening on port 1812 UDP.
    RADIUS Receiver Started: listening on port 1813 UDP.

This example indicates that the CRYPTO-Server is listening for RADIUS requests on UDP port 1812 (for authentication) and 1813 (for accounting), and accepts RADIUS clients within the IP range of 192.168.21.1 to 192.168.21.254. As well, no reverse lookup is being performed.
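
The following Python is an added example, not part of the original guide and not CRYPTOCard code. It parses NAS.# values in the syntax described above, flags entries that still use the default shared secret testing123, a secret shorter than the 8 characters recommended above, a multi-address range or disabled reverse lookup, and reports which NAS.# keys admit a given client address such as MXtreme's. The sample entries, the hostname mxtreme.example.com, the address 192.168.21.20 and the function names are constructed for illustration; an empty <Hostname> field for a range entry is an assumption.

```python
import ipaddress

DEFAULT_SECRET = "testing123"  # default shared secret named in the guide
MIN_SECRET_LEN = 8             # minimum length the guide recommends

# Constructed sample values (not taken from a real server). NAS.2 mirrors the
# documented defaults; NAS.3 is a hypothetical single-host entry for MXtreme.
SAMPLE = {
    "NAS.2": "192.168.21.1, 192.168.21.254, , testing123, false, PAP",
    "NAS.3": "192.168.21.20, 192.168.21.20, mxtreme.example.com, Xk7pQ2mLw9Rt, true, PAP",
}

def parse_nas(value):
    """Split one NAS.# value into the six documented fields."""
    fields = [f.strip() for f in value.split(",", 5)]
    if len(fields) != 6:
        raise ValueError("expected 6 comma-separated fields, got %d" % len(fields))
    first, last = ipaddress.ip_address(fields[0]), ipaddress.ip_address(fields[1])
    if int(last) < int(first):
        raise ValueError("<Last IP> is lower than <First IP>")
    return {"first": first, "last": last, "hostname": fields[2],
            "secret": fields[3], "reverse_lookup": fields[4].lower() == "true",
            "protocols": fields[5]}

def audit_nas(value):
    """Return findings for one entry; an empty list means nothing was flagged."""
    e, findings = parse_nas(value), []
    if e["secret"] == DEFAULT_SECRET:
        findings.append("default shared secret in use")
    elif len(e["secret"]) < MIN_SECRET_LEN:
        findings.append("shared secret shorter than %d characters" % MIN_SECRET_LEN)
    hosts = int(e["last"]) - int(e["first"]) + 1
    if hosts > 1:
        findings.append("range admits %d client addresses" % hosts)
    if not e["reverse_lookup"]:
        findings.append("reverse lookup disabled")
    elif hosts > 1 or not e["hostname"]:
        findings.append("reverse lookup needs a single host and a hostname")
    return findings

def matching_keys(entries, client_ip):
    """Names of the NAS.# keys whose range contains client_ip (e.g. MXtreme)."""
    ip = int(ipaddress.ip_address(client_ip))
    parsed = {k: parse_nas(v) for k, v in entries.items()}
    return sorted(k for k, e in parsed.items() if int(e["first"]) <= ip <= int(e["last"]))

if __name__ == "__main__":
    for key, value in sorted(SAMPLE.items()):
        print(key, audit_nas(value) or "no findings")
```

An address matched by more than one key, as 192.168.21.20 is here, is still admitted by the wider default entry, so tightening the single-host entry alone does not remove the testing123 path.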