Watchguard Firebox X5000 User's Guide download pdf (Page 49)

Migration Guide 45

Making a Fireware Configuration

2 To add a log host click Configure.

3 Type an encryption key and then confirm it.

Encryption keys are a minimum of eight (8) characters.

4 To add a Syslog host select Syslog and click Configure.

5 Type the IP address of the Syslog Server.

6 Select a facility for each log type.

7 Click OK.

Firewall Authentication

The Java applet used for firewall authentication is no longer used. This eliminates the need for

the time-outs listed here. Instead, a Web page is available at the same URL using https instead of

http. The authentication mechanism relies on associated connections from the authenticated user

to determine if the user is to remain authenticated. After some short time following the last

closed or timed-out connection, the authenticated user is automatically logged out.

Authentication Servers

The same entry is available in Fireware Policy Manager.

1 From Policy Manager select Setup > Authentication Servers.

•Firebox

There are no changes here. However, if you have either the pptp_users or ipsec_users groups

listed, you do not need to migrate them. They are automatically migrated with your PPTP or

MUVPN settings.

• NT Server

Fireware does not support NT Server authentication. This cannot be migrated at this time.

•RADIUS Server

Fireware uses PAP when authenticating any firewall or MUVPN user. It uses MSCHAPv2 when

authenticating a PPTP user (if PPTP is configured to use RADIUS). Thus, the server needs to

allow both mechanisms if both types of users are to be supported.

•CRYPTOCard Server

Fireware does not support CRYPTOCard authentication. This cannot be migrated at this time.

• SecurID Server

There are no changes.

1 2 ... 44 45 46 47 48 49 50 51 52 53 54 ... 77 78

No comments

Watchguard Firebox X5000 User's Guide Page 49