
Working with Authentication

Supported Authentication Schemes

Authentication schemes employ user names and passwords to identify valid users. Some schemes are maintained locally, storing user names and passwords on the VSX Gateway, while others store authentication information on an external authentication server. Some schemes, such as SecurID, are based on providing a one-time password.

All of the schemes can be used with users defined on an LDAP server. For additional information on configuring a Security Gateway to integrate with an LDAP server, refer to the User Directory (LDAP) and User Management section in the R80.30 Security Management Administration Guide.

Check Point Password

VSX stores a static password for each user in the Management Server database. No additional software is required.

Operating System Password

VSX can authenticate users by means of a user name and password defined on the Management Server operating system. You can also use passwords stored in a Windows domain. No additional software is required.

RADIUS

Remote Authentication Dial In User Service (RADIUS) is an external, server-based authentication protocol that provides authentication services over UDP.

TACACS, TACACS+

Terminal Access Controller Access Control System (TACACS) is an external, server-based authentication protocol that provides verification services over TCP. TACACS+ is an enhanced version of TACACS that supports additional types of authentication requests and response codes.

SecurID

SecurID requires users to possess a token authenticator and to supply a password. Token authenticators generate one-time passwords that are synchronized to an RSA ACE/Server. Hardware tokens are key-ring or credit card-sized devices, while software tokens reside on the PC or device from which the user wants to authenticate. All tokens generate a random, one-time use access code that changes approximately every minute. When a user attempts to authenticate to a protected resource, the one-time use code must be validated by the ACE/Server.
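As an added illustration, not part of this guide and not the RSA SecurID algorithm (which is proprietary): a time-synchronized one-time-code token and the server that validates it, modeled in Python with an HMAC-based construction, the roughly one-minute code lifetime this section describes, a small clock-drift window, and one-time-use enforcement so a captured code cannot be replayed. The seed, user name and timestamps are constructed for the demo.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 60   # the code changes approximately every minute
DIGITS = 6
DRIFT_STEPS = 1     # tolerate one step of token/server clock drift either way


def token_code(seed: bytes, unix_time: int) -> str:
    """Code the token displays during the minute containing unix_time.
    Hypothetical HMAC-based construction; real tokens use a vendor algorithm."""
    counter = unix_time // STEP_SECONDS
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha256).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


class TokenServer:
    """Holds each enrolled user's seed and validates submitted codes."""

    def __init__(self) -> None:
        self.seeds: dict[str, bytes] = {}
        self.last_counter: dict[str, int] = {}   # highest counter already used

    def enroll(self, user: str, seed: bytes) -> None:
        self.seeds[user] = seed

    def validate(self, user: str, code: str, now: int) -> bool:
        seed = self.seeds.get(user)
        if seed is None:
            return False
        current = now // STEP_SECONDS
        for counter in range(current - DRIFT_STEPS, current + DRIFT_STEPS + 1):
            expected = token_code(seed, counter * STEP_SECONDS)
            if hmac.compare_digest(expected, code):
                # One-time use: a counter at or before the last accepted one
                # is refused, so a replayed (or older) code never succeeds.
                if counter <= self.last_counter.get(user, -1):
                    return False
                self.last_counter[user] = counter
                return True
        return False


if __name__ == "__main__":
    server = TokenServer()
    server.enroll("alice", b"constructed-demo-seed")
    now = 1_700_000_000
    code = token_code(b"constructed-demo-seed", now)
    print("first use:", server.validate("alice", code, now))    # True
    print("replay:   ", server.validate("alice", code, now))    # False
```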