Manualshelf

F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices VPN Configuration Guide-6PW100

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module
361362363364365366367368369370
360
4. Configure AD authentication:
AD is a directory service provided by Windows 2000 Server and later versions. It saves
information of objects on a network and allows administrators and users to query the information.
AD uses structured data storage, which is the basis of the directory information logical structure.
The SSL VPN system can cooperate with the existing AD server of an enterprise seamlessly to
provide AD authentication for users in the enterprise.
For successful AD authentication of a user, you must also configure the user information on the AD
authentication server, create user groups, and add the user to the user groups. Make sure that the
user groups configured on the authentication server exist on the SSL VPN gateway. Otherwise, the
user cannot log in. The number of user groups that the gateway supports for a user has a limit.
Make sure the number of user groups specified for a user on the authentication server is equal to
or less than the limit.
a. Select VPN > SSL VPN > Domain Management > Authentication Policy from the navigation
tree.
b. Click the AD Authentication tab.
The LDAP authentication configuration page appears, as shown in
991HFigure 258.
Figure 258 AD authentication
c. Configure the AD authentication as described in 992HTable 52.
d. Click Apply.
Table 52 Configuration items
Item Descri
p
tion
Enable AD
authentication
Select this item to enable AD authentication.
AD Domain Name Enter the name of the AD domain.
AD Server IP
Enter the IP addresses of the AD servers.
You can specify four AD servers at most. When one server fails, the system uses another
server to authenticate users. The system selects the specified servers in the configuration
order of the servers. The first configured server has the highest priority.
Authentication Mode
Select an authentication mode for AD authentication. Options include Password,
Password+Certificate, and Certificate.
Server Recovery Time Set the interval at which the system checks whether the failed AD server recovers.