R3721-F3210-F3171-HP High-End Firewalls VPN Configuration Guide-6PW101
360
Table 51 Configuration items
Item Descri
p
tion
Title Enter a name for the bulletin.
Content Enter the contents of the bulletin.
Selected User Groups
Select the user groups that can view the bulletin.
Available User Groups
Configuring authentication policies
SSL VPN supports local authentication, RADIUS authentication, LDAP authentication, AD authentication,
and combined authentication of any two of the previous four authentication methods.
Local authentication, LDAP authentication, and AD authentication each supports three authentication
policies:
• Password—Authenticates only a user's password.
• Password+Certificate—Authenticates a user's password and client certificate.
• Certificate—Authenticates only a user's client certificate.
RADIUS authentication supports only two authentication policies: password and password+certificate.
Configuring local authentication
Local authentication authenticates users by using the user information saved on the SSL VPN gateway.
This authentication method is the fastest because user information is locally saved, and the SSL VPN
gateway does not need to exchange information with an external authentication server. However, the
number of local users is limited by the capacity of the SSL VPN gateway.
Select VPN > SSL VPN > Domain Management > Authentication Policy from the navigation tree. The
Local Authentication tab appears, as shown in Figure 251.
Figure 251 Local authentication
Table 52 Configuration item
Item Descri
p
tion
Authentication Policy
Select an authentication policy for local authentication. Options include Password,
Password+Certificate, and Certificate.
Configuring RADIUS authentication
The Remote Authentication Dial-In User Service (RADIUS) protocol is a distributed, client/server mode
information exchange protocol for protecting networks against unauthorized access. It is usually
deployed in networks that require secure remote access. The SSL VPN system can cooperate with the
existing RADIUS server of an enterprise seamlessly to provide RADIUS authentication. Users in the
enterprise can use their original accounts for RADIUS authentication through SSL VPN.