This solution applies to Barracuda SSL VPNs, all firmware versions.
There are seven different types of authentication to log a user into SSL VPN. These are as follows:
- Client certificates
- IP authentication
- Authentication key
- One time password via E-mail
- Personal questions
The authentication schemes can be used in conjunction with one another, and can be leveraged to provide staggered layers of access to various resources on the Barracuda SSL VPN. For instance, a password may grant a user access to an email resource, but a password and a public key might grant the same user further access to a shared network drive.
To configure an authentication scheme:
- Open a web browser and navigate to your Barracuda SSL VPN; logon with the ssladmin user id.
- Navigate to Access Control > Authentication Schemes, here you may enter a name for a new Authentication Scheme.
- Select as many of the authentication modules as required, then click Add to the right.
- Select the Policies that this new authentication scheme will be valid for, then click Add to the right.
- To save the new scheme, click the Add button at the bottom. The auth scheme will then appear in the list below.
You may then change the order of the Authentication schemes if required. That is, if you want this new scheme to be the default password scheme that is prompted for, then click More... and then Increase Priority until it is at the top of the list.
Multi-factor authentication can easily be configured in this way by selecting more than one module (although some modules can not be the first in the list, such as One Time Password or Personal Questions). The order in which the authentication types are prompted can be adjusted in the list on the right-hand side.
Link to This Page: