
CLI Configuration

  1. For this example, specify that server1 is to be used as the SecurID server and that the configuration file for it resides on the device in the /var/db/securid/server1/sdconf.rec file.
    user@host# set access securid-server name server1 config-file "/var/db/securid/server1/sdconf.rec"
  2. For the prof_2 profile, configure SecurID as the server to be used for external authentication. This restricts firewall users to authenticating through the SecurID server only. If the SecurID server authentication fails, the firewall user is locked out.
    user@host# set access profile prof_2 authentication-order [securid]

    To share a single SecurID server across multiple profiles, for each profile set the authentication-order parameter to include securid as the authentication mode.

  3. Configure firewall users (clientA through clientE) and assign firewall users (clientA and clientB) to client groups alpha, beta, and gamma.
    user@host# set access profile prof_2 client clientA client-group alpha
    user@host# set access profile prof_2 client clientA client-group beta
    user@host# set access profile prof_2 client clientA client-group gamma
    user@host# set access profile prof_2 client clientA firewall-user password pwd1
    user@host# set access profile prof_2 client clientB client-group alpha
    user@host# set access profile prof_2 client clientB client-group beta
    user@host# set access profile prof_2 client clientB firewall-user password pwd3
    user@host# set access profile prof_2 client clientC firewall-user password pwd4
    user@host# set access profile prof_2 client clientD firewall-user password pwd5
    user@host# set access profile prof_2 client clientE firewall-user password pwd2
  4. Configure client groups in the session options.
    user@host# set access profile prof_2 session-options client-group u1
    user@host# set access profile prof_2 session-options client-group alpha
    user@host# set access profile prof_2 session-options client-group gamma
    user@host# set access profile prof_2 session-options client-idle-timeout 255
    user@host# set access profile prof_2 session-options client-session-timeout 4
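
The following review script is an added example, not part of the original documentation or of Junos. It parses `set access profile` lines such as those in steps 2 through 4 and reports profiles whose authentication-order is SecurID only, plus client groups that appear on only one side of the client and session-options statements. The finding labels and the group cross-check are assumptions made for review purposes, not Junos validation rules.

```python
import re
from collections import defaultdict

# Constructed sample: set commands from steps 2-4, prompts removed, abridged.
SAMPLE = """\
set access profile prof_2 authentication-order [securid]
set access profile prof_2 client clientA client-group alpha
set access profile prof_2 client clientA client-group beta
set access profile prof_2 client clientA client-group gamma
set access profile prof_2 client clientB client-group alpha
set access profile prof_2 client clientC firewall-user password pwd4
set access profile prof_2 session-options client-group u1
set access profile prof_2 session-options client-group alpha
set access profile prof_2 session-options client-group gamma
"""

def parse_profiles(text):
    """Return {profile: {"order": [...], "clients": {name: groups}, "session_groups": set}}."""
    profiles = defaultdict(lambda: {"order": [], "clients": defaultdict(set), "session_groups": set()})
    for line in text.splitlines():
        # An optional CLI prompt such as "user@host# " is tolerated.
        m = re.match(r"\s*(?:\S+[#>]\s+)?set access profile (\S+) (.+)", line)
        if not m:
            continue
        prof, rest = profiles[m.group(1)], m.group(2).split()
        if rest[0] == "authentication-order":
            prof["order"] = [t.strip("[]") for t in rest[1:] if t.strip("[]")]
        elif rest[0] == "client" and len(rest) >= 2:
            groups = prof["clients"][rest[1]]  # registers the client even without a group
            if rest[2:3] == ["client-group"] and len(rest) >= 4:
                groups.add(rest[3])
        elif rest[:2] == ["session-options", "client-group"] and len(rest) >= 3:
            prof["session_groups"].add(rest[2])
    return profiles

def audit(text):
    """Return (profile, finding, detail) tuples; finding labels are hypothetical."""
    findings = []
    for name, p in sorted(parse_profiles(text).items()):
        if p["order"] == ["securid"]:
            findings.append((name, "securid-only", "no fallback if SecurID authentication fails"))
        member_groups = set().union(*p["clients"].values())
        for g in sorted(p["session_groups"] - member_groups):
            findings.append((name, "session-group-without-members", g))
        for g in sorted(member_groups - p["session_groups"]):
            findings.append((name, "client-group-not-in-session-options", g))
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(*f, sep=": ")
```
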
