Setting Up Active Directory for vGW Series Administrator Authentication

This topic covers use of Active Directory (AD) for administrator authentication. First it explains how to enable AD support for vGW Series, which you must do before you can configure administrator authentication to use it. Then it explains how to configure it as the authentication type for an administrator.

You can use AD with vGW Series for administrator authentication instead of storing the authentication information locally in the vGW Security Design VM database. vGW Series supports AD over IPv4 and IPv6 networks.

Administrators can use their AD credentials to log in to the vGW Security Design VM. vGW Series checks the credentials against AD and, based on the configured settings, either allows the user to log in to the vGW Security Design VM or denies access.

To set up the vGW Series to work with AD:

  1. Define the name (or IP address) of the AD server on the Active Directory configuration page.
  2. Set the appropriate port. By default, TCP port 636 (LDAPS) is used. Alternatively, you can use port 389 (LDAP with STARTTLS) or configure a custom port.

    Make sure your network allows the vGW Security Design VM to reach the AD server on this port.

  3. After you enter the name or IP address, port, and default search base, select Test or Save to view the certificate fingerprint that vGW Series uses to validate the identity of the server it connects to; all subsequent communication with the server is encrypted.

When you select AD Group as the Authentication type, a dialog box prompts you for the user ID and password that vGW Series uses to log in to AD and retrieve the group list.

Note: AD must be enabled for you to select AD Group as the authentication method. Use the Settings module vGW Application Settings > Active Directory page to enable it, as described previously.

If there are more than 100 configurable groups, vGW Series presents the following alert message:

“There are too many groups in Active Directory to be displayed in a drop-down list. Please fill in the name of the AD Group.”

Rather than displaying a drop-down list of group names, the AD Group Name field is presented as a text box in which you can enter the name of the group.

When you save the configuration, vGW Series checks AD to ensure that the group exists, based on the name that you entered. If the group does not exist, vGW Series displays the following message:

“The AD Group name does not exist in Active Directory.”

To create users or groups to be authenticated through the configured server lookup process:

  1. Select the Settings module > vGW Application Settings > Administrators page.
  2. Add administrators. Set the authentication type to AD Individual User or AD Group.
    • For AD Individual User, the account is authenticated with the user's AD credentials, and all privileges are applied according to the defined vGW Series settings.
    • For AD Group, the name of an existing AD group is used and privileges are assigned to that group. The AD lookup authenticates the user and determines whether the user is a member of the group; if so, the user is granted access to vGW Series.
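The following PowerShell script is an added example, not part of the vGW documentation or product: run from a domain-joined Windows host, it performs the checks that correspond to the two procedures above, reading the fingerprint of the certificate the domain controller presents on the LDAPS port (to compare with the value vGW Series shows on Test or Save), confirming that the group you plan to enter for an AD Group administrator exists, and confirming that the intended administrator is a member of it. It assumes LDAPS on TCP 636 and the RSAT ActiveDirectory module; the domain controller, group, and user names are placeholders.

```powershell
# Added example (not from the vGW documentation): pre-checks run from a domain-joined
# Windows host before configuring vGW Series for AD authentication.
# Assumptions: LDAPS on TCP 636, the RSAT ActiveDirectory module is installed, and the
# DC name, group name and user name below are placeholders you replace.
param(
    [string]$DomainController = "dc01.example.local",
    [int]$Port = 636,
    [string]$GroupName = "vGW-Admins",
    [string]$UserName = "alice"
)
Import-Module ActiveDirectory

# 1. Read the certificate the DC presents on the LDAPS port. The validation callback
#    accepts any certificate because the goal here is only to read and print it;
#    compare the fingerprint with the one vGW Series shows when you click Test or Save.
$tcp = New-Object System.Net.Sockets.TcpClient($DomainController, $Port)
$acceptAny = { $true } -as [System.Net.Security.RemoteCertificateValidationCallback]
$ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptAny)
try {
    $ssl.AuthenticateAsClient($DomainController)
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    $sha256 = [System.Security.Cryptography.SHA256]::Create().ComputeHash($cert.RawData)
    "Subject          : $($cert.Subject)"
    "SHA-1 thumbprint : $($cert.Thumbprint)"
    "SHA-256          : $(([System.BitConverter]::ToString($sha256)) -replace '-', ':')"
    "Valid until      : $($cert.NotAfter)"
} finally {
    $ssl.Dispose()
    $tcp.Dispose()
}

# 2. Confirm the group exists; vGW Series rejects a group name it cannot find when you save.
$group = Get-ADGroup -Filter "Name -eq '$GroupName'"
if (-not $group) { throw "Group '$GroupName' does not exist in Active Directory" }

# 3. Confirm the intended administrator is a member (including nested membership),
#    which is what an AD Group administrator entry requires for the login to succeed.
$members = Get-ADGroupMember -Identity $group -Recursive | Select-Object -ExpandProperty SamAccountName
if ($members -contains $UserName) {
    "$UserName is a member of $GroupName and will be granted access"
} else {
    Write-Warning "$UserName is not a member of $GroupName; an AD Group login will be denied"
}
```

If the SHA-1 thumbprint or SHA-256 fingerprint printed here does not match what vGW Series displays, the appliance is not talking to the domain controller you expect, so do not save the configuration until you have resolved the discrepancy.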
