Creating Access Profiles
Use the Access Profile page to configure LDAP servers, RADIUS servers, and local authentication services.
To create an access profile:
- Select Configure > User Firewall Management > Access
The Access Profile page is displayed.
- Click the + icon.
The Create Access Profile page is displayed.
- Complete the configuration by using the guidelines in Table 1.
- Click Finish.
A Summary page providing a preview of the complete configuration is shown.
- Click OK to complete the configuration or Back to make any modifications.
Table 1: Access Profile Configuration Parameters
Access Profile Name
Enter a unique string of alphanumeric characters, colons, periods, dashes, and underscores. Maximum length is 255 characters.
Enter a description for the access profile; maximum length is 255 characters.
Select the device type as either Root or Tenant Systems (TSYS).
Select these devices from the Available column and move them to the Selected column.
You can also search for the devices in the search field in both the Available and Selected columns. You can search these devices by entering the device name, device IP address, or device tag.
Select Local to configure local authentication services.
Select an address pool for allocation to users.
An address pool is a set of Internet Protocol (IP) addresses available for allocation to users, such as in host configurations with DHCP. An address-assignment pool supports IPv4 addresses. You can create centralized IPv4 address pools independent of the client applications that use the pools.
To create an address pool:
To create a new local authentication user:
To edit, select the local authentication user configuration and click the pencil icon.
To delete, select the local authentication user configuration and click the delete icon.
Select RADIUS to configure RADIUS authentication services.
To create a new RADIUS server:
To edit, select the RADIUS server configuration and click the pencil icon.
To delete, select the RADIUS server configuration and click the delete icon.
Select LDAP to configure LDAP authentication services.
To create a new LDAP server:
To edit, select the LDAP server configuration and click the pencil icon.
To delete, select the LDAP server configuration and click the delete icon.
Base Distinguished Name
Specify the base distinguished name that defines the user.
Specify the amount of time that elapses before the primary server is contacted if a backup server is being used.
LDAP Option Type
Select assemble or search.
Assemble specifies that a user’s LDAP distinguished name (DN) is assembled using a common name identifier, the username, and base distinguished name.
Search specifies that a search is used to get a user's LDAP distinguished name (DN). The search is performed based on the search filter and the part typed in by the user during authentication.
Configure the order in which the different user authentication methods are tried when a user attempts to log in. For each login attempt, authentication starts with the first method in the order and continues until the password matches.
The method can be one or more of the following:
Configure the next authentication method if the authentication method included in the authentication order option is not available, or if the authentication is available but returns a reject response.
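The assemble and search options described under LDAP Option Type differ in how the user's DN is derived from what the user types at login. The following Python sketch is an added example, not Security Director or Junos code; the function names, the sample directory, and the assumption that the search filter is an attribute name with the typed part appended as its value are illustrative. It escapes the typed part per RFC 4514 (DN) and RFC 4515 (filter) so that input cannot alter the structure of the DN or the filter.

```python
import re

# Constructed sample data for illustration (not from the product documentation).
BASE_DN = "ou=people,dc=example,dc=com"
DIRECTORY = [
    {"dn": "cn=Alice Ng,ou=people,dc=example,dc=com", "uid": "ang"},
    {"dn": "cn=Bob Roy,ou=people,dc=example,dc=com", "uid": "broy"},
]

def escape_dn_value(value):
    """RFC 4514 escaping for a value placed inside a DN."""
    out, last = [], len(value) - 1
    for i, ch in enumerate(value):
        if ch in ',+"\\<>;' or (ch == "#" and i == 0) or (ch == " " and i in (0, last)):
            out.append("\\" + ch)
        elif ch == "\x00":
            out.append("\\00")
        else:
            out.append(ch)
    return "".join(out)

def escape_filter_value(value):
    """RFC 4515 escaping for a value placed inside a search filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def assemble_dn(cn_identifier, username, base_dn=BASE_DN):
    """Assemble mode: common name identifier + username + base DN."""
    return f"{cn_identifier}={escape_dn_value(username)},{base_dn}"

def build_filter(attribute, typed):
    """Search mode: filter attribute plus the part typed in by the user."""
    return f"({attribute}={escape_filter_value(typed)})"

def search_dn(ldap_filter, directory=DIRECTORY):
    """Evaluate a simple (attr=value) filter; accept only a unique match."""
    m = re.fullmatch(r"\((\w+)=(.*)\)", ldap_filter, re.S)
    if not m:
        return None
    # Minimal matcher: \xx is a literal character, a bare * is a wildcard.
    tokens = re.findall(r"\\[0-9a-fA-F]{2}|.", m.group(2), re.S)
    pattern = "".join(
        ".*" if t == "*" else re.escape(chr(int(t[1:], 16)) if len(t) == 3 else t)
        for t in tokens
    )
    hits = [e["dn"] for e in directory if re.fullmatch(pattern, e.get(m.group(1), ""), re.S)]
    return hits[0] if len(hits) == 1 else None
```

With escaping, a typed `*` is treated as a literal character and resolves to no entry; the unique-match check also rejects any filter that matches more than one user.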