
Watchguard and Radius

Status
Not open for further replies.

NickS

MIS
Dec 6, 2001
84
CA
Does anyone have any experience with VPN through WatchGuard using RADIUS authentication (Active Directory)?

Nick
 
When using an IAS server, how does WatchGuard differentiate between NT global groups?
Example: I want certain users to have access to mail only and others to have complete network access.
I would then create two global groups (ex: Mail, Admin).
And use ID Filters within the IAS server, specifying both within the same remote access policy.
Do I then use these same filter names to create my WatchGuard policies?

Hope this makes sense to you.

Nick
 
Sorry for the delayed reply - it's one of those weeks. :S

The Firebox is simply going to use the Radius server to authenticate a user, either for use with a service (such as HTTP access) or for VPN. It doesn't really care who it is as long as it authenticates. Thus you could use 'Admin' to create a restrictive rule on the FB (purposely contrary to what you said), as the access policy is based on the FB rules and it only uses Radius to verify the user.

Hopefully I understood your question, and hopefully you understood my answer. :)
 
Are you going to be using WatchGuard's MUVPN software or the simple MS PPTP client? If you want to use the former then it is possible and I'll post instructions. If it's the latter, it isn't possible as the firewall just checks the dial-in access attribute and grants access based on the rules allowed for the pptp_users group.
 