Chapter 8. User Authentication

It is unfortunate that some people cannot be trusted to do only what they are supposed to do. If it were not for these people, you would not need to take security measures to protect your networks. Authentication provides a mechanism for validating user identities and for providing different levels of access. FireWall-1 provides several different mechanisms for authenticating users.

In this chapter, I cover the key to all authentication schemes used within FireWall-1 today: passwords. Next, I cover the three methods of authentication supported by FireWall-1 for users, complete with a demonstration of each: User Authentication, Session Authentication, and Client Authentication. I then discuss how to actually set up FireWall-1 so it can perform authentication, including how to integrate FireWall-1 with various external authentication servers. Finally, I discuss how to troubleshoot authentication-related problems.

By the end of this chapter, you should be able to:

  • Understand the difference between static and one-time password systems

  • Use User, Session, and Client Authentication as a user

  • Understand which authentication mechanism is the most appropriate for a given situation

  • Set up User, Session, and Client Authentication

  • Integrate supported third-party authentication servers into FireWall-1

  • Configure Clientless VPN functionality

  • Troubleshoot problems with authentication