This solution applies to Barracuda SSL VPNs, all firmware versions.
Authentication schemes are varying methodologies of validating user credentials submitted by the client browser against the user database. The Barracuda SSL VPN has support for eight modules, which may be used individually or in combination with one another, to create authentication schemes. The available modules and their descriptions are as follows:
- Authentication Key: Authentication keys are generated on your Barracuda SSL VPN and are passed out to users via a computer laptop or a USB keychain drive. When authenticating using this module, the Barracuda SSL VPN will scan client drives for the authentication key or ask the user to provide a path to the key's file.
- Client Certificate: Client certificate authentication is a mechanism of authenticating against an SSL certificate stored in the client browser; client certificates can be generated by the Barracuda SSL VPN or by other keystores such as Active Directory. See Solution #00003769 for further information.
- IP Authentication: IP authentication determines the IP address of the client when connecting and validates it against a list or range of IP addresses, configured by the administrator. Per user IP restrictions can be configured by navigating to Access Control > Accounts, selecting the appropriate user, and clicking on the edit icon adjacent to the user's name. Under the section Authorized IP you can enter in a specific address, a CIDR network range, or a wildcard address to restrict from which IP addresses the user can log on. At the moment only one entry is permitted.
- One-Time Password (Secondary): One-time password authentication works by sending a randomly generated password to the user via email. This can help enhance security by verifying that the user has access to his or her email account or mobile phone. As it is a secondary authentication mechanism, one-time password authentication must be used in conjunction with at least one other primary method. Please refer to Solution #00003776 for further information.
- Password: The password module authenticates using a typical username / password pair.
- Personal Questions (Secondary): Under the Personal Questions module the user is presented with a personal security question selected at random. Security questions, such as "Mother's Maiden Name," can be configured by the user on his or her attributes page within the Barracuda SSL VPN web user interface. As the Personal Questions module is a seconday module, it must be used in combination with another, primary authentication module. It must also not come first in your list of modules when configuring a new authentication scheme in Access Control > Authentication Schemes.
- Pin Number: The PIN number authentication module uses a string of digits as a passphrase for a user. For further information on the PIN number authentication module, please see Solution #00003945.
- RADIUS: The RADIUS (Remote Authentication Dial In User Service) authentication module allows the Barracuda SSL VPN to authenticate users against an external RADIUS server. For further information on the RADIUS authentication module, please see Solution #00003947.
Link to This Page: