XSR User’s Guide 329
Chapter 13 XSR Firewall Feature Set Functionality
Configuring Security on the XSR
– If no syslog server is configured, alarms will contain the IP
address of the first circuit. FE1 will be checked first, then FE2,
then any WAN interface etc., until an IP address is obtained.
– If no interfaces have been configured with an IP address, the
hostname will be used.
Authentication - AAA services provide secure access across the firewall,
delineated by several levels: user, client and session. This release supports only
client authentication, which verifies a remote host based on its IP address. All
firewall policy rules that specify allow-auth as the action check the source IP
address of the received packet in the auth cache before approving the session.
For the remote user, the XSR requires manual sign-on using Telnet to the
default port 3000 or another configured port. The user is prompted for a user
name and password, and those credentials are checked with either an
authentication server (RADIUS) or a local database on the XSR (see
Figure 55).
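The allow-auth check described above, modeled in Python as an added example; it is not XSR code or part of the original guide. The class and function names, the first-match rule order, the default reject, and the sample addresses and credentials are assumptions constructed for illustration.

```python
import hashlib, hmac, ipaddress, os
from collections import namedtuple
Rule = namedtuple("Rule", "src dst action")  # CIDR, CIDR, allow | allow-auth | reject

def _kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class LocalUserDb:
    """Hypothetical stand-in for the local database (RADIUS is the alternative)."""
    def __init__(self):
        self._users = {}
    def add(self, name, password):
        salt = os.urandom(16)
        self._users[name] = (salt, _kdf(password, salt))
    def verify(self, name, password):
        salt, digest = self._users.get(name, (b"\0" * 16, b""))
        return hmac.compare_digest(_kdf(password, salt), digest)

class Firewall:
    def __init__(self, rules, users):
        self.rules, self.users = rules, users
        self.auth_cache = {}  # source IP -> user who signed on from it

    def sign_on(self, src_ip, name, password):
        """Models the manual Telnet sign-on; success caches the source IP."""
        ok = self.users.verify(name, password)
        if ok:
            self.auth_cache[src_ip] = name
        return ok

    def evaluate(self, src_ip, dst_ip):
        """First match wins, no match rejects (both assumed for this model)."""
        src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
        for r in self.rules:
            if src in ipaddress.ip_network(r.src) and dst in ipaddress.ip_network(r.dst):
                if r.action != "allow-auth":
                    return r.action
                # Keyed on address only: every host presenting this source IP
                # (for example, behind one NAT) shares the cached sign-on.
                return "allow" if src_ip in self.auth_cache else "reject"
        return "reject"

def demo():
    users = LocalUserDb()
    users.add("alice", "constructed-pass")  # constructed sample credentials
    fw = Firewall([Rule("0.0.0.0/0", "192.0.2.0/24", "allow-auth")], users)
    before = fw.evaluate("198.51.100.7", "192.0.2.10")
    fw.sign_on("198.51.100.7", "alice", "constructed-pass")
    return before, fw.evaluate("198.51.100.7", "192.0.2.10"), fw.evaluate("198.51.100.8", "192.0.2.10")
```

demo() returns the decision for one client before sign-on, the same client after sign-on, and a second address that never signed on.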
Figure 55 Authentication Process
Figure 55 illustrates the process by which a user accesses a server after
authentication by the XSR firewall, as explained below:
1  A user Telnets to the firewall presenting a name and password.
[Figure 55 diagram labels: Internet, Firewall, Telnet server, Authentication server, DMZ, Internal Servers; numbered callouts 1 to 4]