We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

This Firmware Version Is End-Of-Support

Documentation for this product is no longer updated. Please see https://campus.barracuda.com/doc/71862301/ for further information on our EoS policy.

How to Configure Additional Authentication Schemes

  • Last updated on

On the Barracuda NG Firewall, you can introduce additional authentication schemes, for example, to configure a second proxy server in your network with an alternative authentication server. There is no limit to the number of authentication schemes that you can add.

References to additional schemes are not checked for integrity. Keep in mind that schemes may be deleted even though they are used by VPN users.

Configure an Additional Authentication Scheme

  1. Open the Authentication Service page (Config >  Full Config  Box  > Infrastructure Services).
  2. Click Lock.
  3. In the left menu, click Additional Schemes.
  4. In the Schemes section, click + to add an entry for the additional authentication scheme.
  5. Enter a Name for the additional authentication scheme.
  6. Enable the scheme to start the authentication processes.
  7. Select the scheme from the Method list.
  8. Configure the settings applicable to the selected scheme:
  9. In the Filter Settings section, select the scheme from the User Info Helper Scheme list if group information is queried from a different authentication scheme. For example, select LDAP if RADIUS is used for identity verification but group information must be queried from an LDAP directory.
  10. In the Group Filter Patterns table, you can add patterns to filter group information from the directory service.

    • Group Filter Pattern: *SSL*
    • User01: CN=foo, OU=bar, DC=foo-bar, DC=foo
    • User02: CN=SSL VPN, DC=foo-bar, DC=foo

    In this example, User01 does not have the *SSL* pattern in its group membership string and will not match in group-based limitations.

  11. Click  OK .
  12. Click  Send Changes  and Activate .
Last updated on