On the Barracuda CloudGen Firewall, you can introduce additional authentication schemes, for example, to configure a second proxy server in your network with an alternative authentication server. There is no limit to the number of authentication schemes that you can add.
Configure an Additional Authentication Scheme
- Go to CONFIGURATION > Configuration Tree > Box > Infrastructure Services > Authentication Service.
- Click Lock.
- In the left menu, click Additional Schemes.
- In the Schemes section, click + to add an entry for the additional authentication scheme.
- Enter a Name for the additional authentication scheme.
- Enable the scheme to start the authentication processes.
- Select the scheme from the Method list.
- Configure the settings applicable to the selected scheme:
  - MSNT Settings – For information on the settings in this section, see How to Configure MSNT Authentication.
  - MSAD Settings – For information on the settings in this section, see How to Configure MSAD Authentication.
  - RADIUS Settings – For information on the settings in this section, see How to Configure RADIUS Authentication.
  - LDAP Settings – For information on the settings in this section, see How to Configure LDAP Authentication.
  - RSA-ACE Settings – For information on the settings in this section, see How to Configure RSA-ACE SecurID Authentication.
  - CloudGen Firewall Local Authentication Settings – For information on the settings in this section, see How to Configure NGF Local Authentication.
  - TACACS+ Settings – For information on the settings in this section, see How to Configure TACACS+ Authentication.
  - OCSP Settings – For information on the settings in this section, see How to Configure OCSP Validation.
- In the Filter Settings section, select the scheme from the User Info Helper Scheme list if group information is queried from a different authentication scheme. For example, select LDAP if RADIUS is used for identity verification but group information must be queried from an LDAP directory.
- In the Group Filter Patterns table, you can add patterns to filter group information from the directory service.
  Example:
  - Group Filter Pattern: *SSL*
  - User01: CN=foo, OU=bar, DC=foo-bar, DC=foo
  - User02: CN=SSL VPN, DC=foo-bar, DC=foo
  In this example, User01 does not have the *SSL* pattern in its group membership string and will not match in group-based limitations.
- Click OK.
- Click Send Changes and Activate.
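
The group filter pattern from the example above, as an added Python example (not Barracuda code) for previewing which group strings a pattern keeps before it is entered in the table. It assumes that * matches any run of characters and that matching is case-sensitive, which may differ from the firewall's own matching; User03 is a constructed entry showing that *SSL* also keeps a group that merely contains the substring.

```python
from fnmatch import fnmatchcase

# Constructed sample data: User01 and User02 come from the example on this
# page; User03 is invented here to show an over-broad match.
USER_GROUPS = {
    "User01": ["CN=foo, OU=bar, DC=foo-bar, DC=foo"],
    "User02": ["CN=SSL VPN, DC=foo-bar, DC=foo"],
    "User03": ["CN=NoSSL Contractors, DC=foo-bar, DC=foo"],
}


def filter_groups(groups, patterns):
    """Return the group strings that match at least one pattern.

    Assumption: '*' matches any run of characters and the comparison is
    case-sensitive. The firewall's own matching rules may differ.
    """
    return [g for g in groups if any(fnmatchcase(g, p) for p in patterns)]


def preview(user_groups, patterns):
    """Map each user to the group strings that survive the filter."""
    return {user: filter_groups(groups, patterns)
            for user, groups in user_groups.items()}


def users_without_groups(user_groups, patterns):
    """Users left with no group information after filtering."""
    kept = preview(user_groups, patterns)
    return sorted(user for user, groups in kept.items() if not groups)


if __name__ == "__main__":
    # Compare the page's pattern with a narrower, hypothetical alternative.
    for patterns in (["*SSL*"], ["CN=SSL *"]):
        print("patterns:", patterns)
        for user, kept in preview(USER_GROUPS, patterns).items():
            print(f"  {user}: {kept or 'no matching group'}")
```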