This solution applies to Barracuda SSL VPNs, all firmware versions.
Authentication schemes are varying methodologies of validating user credentials submitted by the client browser against the user database. The Barracuda SSL VPN has support for eight modules, which may be used individually or in combination with one another, to create authentication schemes. The available modules and their descriptions are as follows:
- Authentication Key: Authentication
keys are generated on your Barracuda SSL VPN and are passed out to
users via a computer laptop or a USB keychain drive. When
authenticating using this module, the Barracuda SSL VPN will scan
client drives for the authentication key or ask the user to provide a
path to the key's file.
- Client Certificate: Client
certificate authentication is a mechanism of authenticating against an
SSL certificate stored in the client browser; client certificates can
be generated by the Barracuda SSL VPN or by other keystores such as
Active Directory. See Solution #00003769 for further information.
- IP Authentication: IP
authentication determines the IP address of the client when connecting
and validates it against a list or range of IP addresses, configured by
the administrator. Per user IP restrictions can be configured by
navigating to Access Control > Accounts, selecting the appropriate user, and clicking on the edit icon adjacent to the user's name. Under the section Authorized IP
you can enter in a specific address, a CIDR network range, or a
wildcard address to restrict from which IP addresses the user can log
on. At the moment only one entry is permitted.
- One-Time Password (Secondary): One-time
password authentication works by sending a randomly generated password
to the user via email. This can help enhance security by verifying that the user
has access to his or her email account or mobile phone. As it is a
secondary authentication mechanism, one-time password authentication
must be used in conjunction with at least one other primary method.
Please refer to Solution #00003776 for further information.
- Password: The password module authenticates using a typical username / password pair.
- Personal Questions (Secondary): Under
the Personal Questions module the user is presented with a personal
security question selected at random. Security questions, such as
"Mother's Maiden Name," can be configured by the user on his or her
attributes page within the Barracuda SSL VPN web user interface. As the
Personal Questions module is a seconday module, it must be used in
combination with another, primary authentication module. It must also
not come first in your list of modules when configuring a new
authentication scheme in Access Control > Authentication Schemes.
- Pin Number: The
PIN number authentication module uses a string of digits as a
passphrase for a user. For further information on the PIN number
authentication module, please see Solution #00003945.
- RADIUS: The RADIUS (Remote Authentication Dial In User Service) authentication module allows the Barracuda SSL VPN to authenticate users against an external RADIUS server. For further information on the RADIUS authentication module, please see Solution #00003947.
Link to This Page: