We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

Attention

Barracuda CloudGen Firewall version 8.0 is a cloud-only version. It is currently not available for on-premises deployments and can only be deployed in Microsoft Azure, Amazon Web Services, or Google Cloud Platform public clouds.

How to Configure Additional Authentication Schemes

  • Last updated on

On the Barracuda CloudGen Firewall, you can introduce additional authentication schemes, for example, to configure a second proxy server in your network with an alternative authentication server. There is no limit to the number of authentication schemes that you can add.

References to additional schemes are not checked for integrity. Keep in mind that schemes may be deleted even though they are used by VPN users.

Configure an Additional Authentication Scheme

  1. Go to CONFIGURATION > Configuration Tree > Box > Infrastructure Services > Authentication Service.
  2. Click Lock.
  3. In the left menu, click Additional Schemes.
  4. In the Schemes section, click + to add an entry for the additional authentication scheme.
  5. Enter a Name for the additional authentication scheme.
  6. Enable the scheme to start the authentication processes.
  7. Select the scheme from the Method list.
  8. Configure the settings applicable to the selected scheme:
  9. In the Filter Settings section, select the scheme from the User Info Helper Scheme list if group information is queried from a different authentication scheme. For example, select LDAP if RADIUS is used for identity verification but group information must be queried from an LDAP directory.
  10. In the Group Filter Patterns table, you can add patterns to filter group information from the directory service.
    Example:  

    • Group Filter Pattern: *SSL*
    • User01: CN=foo, OU=bar, DC=foo-bar, DC=foo
    • User02: CN=SSL VPN, DC=foo-bar, DC=foo

    In this example, User01 does not have the *SSL* pattern in its group membership string and will not match in group-based limitations.

  11. Click OK.
  12. Click Send Changes and Activate.
Last updated on