User guide

Chapter 10: Creating Aliases and Implementing Authentication
130 WatchGuard Firebox System
8. When you finish adding members, click OK.
The Host Alias dialog box appears listing the new alias. Click the alias to view its
members.
To modify an alias, select it, click Edit, and then add or delete members.
To remove an alias, select it, click Remove, and then remove the alias
from the Properties box of any services configured to use the alias. For more
information, see “Defining Service Properties” on page 103.
How User Authentication Works
A specialized HTTP server runs on the Firebox. To authenticate, clients
must connect to the authentication server using a Java-enabled Web
browser pointed to:
http://IP address of any Firebox interface:4100/
A Java applet loads a prompt for a username and password that it then
passes to the authentication server using a challenge-response protocol.
Once successfully authenticated, users minimize the Java applet and
browser window and begin using allowed network services.
As long as the Java window remains active (it can be minimized but not
closed) and the Firebox does not reboot, users remain authenticated until
the session times out. To prevent an account from authenticating, disable
the account on the authentication server.
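A generic challenge-response exchange of the kind named above, as an added example that is not WatchGuard code and not the Firebox's actual protocol. The HMAC-SHA256 construction, the PBKDF2 key derivation, all class and function names, and the sample accounts are assumptions constructed for illustration. It shows that the password itself is never sent, that a captured response cannot be replayed, and that a disabled account is refused.

```python
import hashlib, hmac, secrets

class AuthServer:
    """Toy authentication server: one-time challenges, HMAC response check."""
    def __init__(self, accounts):
        # accounts: username -> {"key": bytes, "enabled": bool} (constructed data)
        self.accounts = accounts
        self.pending = {}  # username -> outstanding challenge (single use)

    def challenge(self, user):
        nonce = secrets.token_bytes(16)  # fresh random challenge per attempt
        self.pending[user] = nonce
        return nonce

    def verify(self, user, response):
        # Consume the challenge first: a replayed response finds none pending.
        nonce = self.pending.pop(user, None)
        acct = self.accounts.get(user)
        if nonce is None or acct is None or not acct["enabled"]:
            return False
        expected = hmac.new(acct["key"], nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)  # constant-time compare

def derive_key(user, password):
    # Assumption: PBKDF2 with the username as salt, for illustration only.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), user.encode(), 100_000)

def client_response(user, password, nonce):
    # The client proves knowledge of the password by keying an HMAC over the nonce.
    return hmac.new(derive_key(user, password), nonce, hashlib.sha256).digest()

def demo():
    accounts = {  # constructed sample accounts
        "alice": {"key": derive_key("alice", "correct horse"), "enabled": True},
        "bob": {"key": derive_key("bob", "hunter2"), "enabled": False},
    }
    server = AuthServer(accounts)
    results = {}
    nonce = server.challenge("alice")
    good = client_response("alice", "correct horse", nonce)
    results["valid"] = server.verify("alice", good)
    results["replay"] = server.verify("alice", good)  # same bytes, challenge used up
    nonce = server.challenge("alice")
    results["wrong_password"] = server.verify("alice", client_response("alice", "guess", nonce))
    nonce = server.challenge("bob")  # correct password, but account disabled
    results["disabled"] = server.verify("bob", client_response("bob", "hunter2", nonce))
    return results

if __name__ == "__main__":
    print(demo())
```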
Using external authentication
Although the authentication applet is primarily used for outbound traffic,
it can be used for inbound traffic as well. Authentication can be used
outside the Firebox as long as you have an account on that Firebox. For
example, if you are working at home, you can point your browser to:
http://public IP address of any Firebox interface:4100/
The authentication applet appears and prompts you for your login
credentials. This can provide you access through various services such as
FTP and Telnet, if you have preconfigured your Firebox to allow this.