It is unfortunate that some people cannot be trusted to do only what they are supposed to do. If it were not for these people, you would not need to take security measures to protect your networks. Authentication provides a mechanism for validating user identities and also provides different levels of access. FireWall-1 provides several different mechanisms for authenticating users.
In this chapter, I cover the key to all authentication schemes used within FireWall-1 today: passwords. Next, I cover the three methods of authentication supported by FireWall-1 for users, complete with a demonstration of each: User Authentication, Session Authentication, and Client Authentication. I then discuss how to actually set up FireWall-1 so it can perform authentication, including how to integrate FireWall-1 with various external authentication servers. Finally, I discuss how to troubleshoot authentication-related problems.
By the end of this chapter, you should be able to:
- Understand the difference between static and one-time password systems
- Use User, Session, and Client Authentication as a user
- Understand which authentication mechanism is the most appropriate for a given situation
- Set up User, Session, and Client Authentication
- Integrate supported third-party authentication servers into FireWall-1
- Configure Clientless VPN functionality
- Troubleshoot problems with authentication