AUTHENTICATION

The authentication feature allows users to identify themselves using a login and password or through a transparent process (SSO / certificate). To do so, the feature may use an LDAP (Lightweight Directory Access Protocol) database that stores user profiles and the associated X.509 certificate.

After a successful authentication, the user’s login is associated with the host from which the user logged in (this information is stored in the ASQ’s user table) and with all IP packets that originate from that host, for the duration that the user or administrator has specified according to the method used.

To take effect, the methods configured in the 1st tab must be explicitly specified in the authentication policy rules in the 2nd tab.

The Authentication module contains four tabs:

  • Available methods: this tab offers you the choice of one or several authentication methods and allows you to configure them on the firewall so that it can apply the security policy. The administrator may also require authentication so that the identity of the host’s user can be recorded in the logs. You can configure several methods in this tab, because the authentication policy allows several of them to be used; they are then evaluated in order when authentication is processed.
  • Authentication policy: this tab allows you to specify the methods according to the source of the request and define the order of the authentication methods to apply.
  • Captive portal: this tab enables access to the captive portal from various interfaces and groups the settings relating to it (SSL access, authentication, proxy). It also allows you to customize the display of the captive portal.
  • Captive portal profiles: this tab makes it possible to manage several authentication profiles that the captive portal can use. For example, these profiles enable the selection of the type of account used (temporary accounts, users declared in the internal LDAP directory, etc.) or the allowed authentication durations.

NOTE
The captive portal has to be enabled for all authentication methods, except for the SSO Agent method.

For issues relating to Multi-user networks and authentication by transparent or explicit proxies, refer to the section Transparent or explicit HTTP proxy and multi-user objects.