Setting ScreenOS Authentication Options Using Default Servers Overview

The default servers for the security device define the authentication servers used to provide local, external, and WebAuth user authentication. Table 36 describes the different default servers.

Table 36: Default Servers

Default Servers



Each security device contains a local (database) server called auth server. The auth server is the default authentication server and can handle all types of authentication that occur on the device. Usernames and authentication credentials of all local users are stored in this database.

For the Local server only, you can set the authentication timeout, which is the number of minutes the connection remains active after an authentication request has been submitted and a successful authentication is received. By default, the authentication timeout on the Local authentication server is 10 minutes. To change this timeout, enter a new value.


Alternatively, you can select an external authentication server as the default server. To select an external server, you must have already created and configured an Authentication Server object in the NSM UI. You must also have defined the user accounts for all external users on the external server. For more information, see the Network and Security Manager Administration Guide.


When using WebAuth, an auth user first initiates an HTTP session to the IP address of the security device that hosts WebAuth. After successful authentication, the auth user can send traffic to the destination as permitted by one or more security policies. To authenticate WebAuth users, you can use the Local authentication server (security device default) or select a previously defined external auth server.

Related Documentation