Authentication Profiles define how the firewall authenticates users. They reference server profiles (e.g., LDAP, RADIUS, Kerberos) and specify parameters such as:

Authentication Type: Determines the method used for authentication.
Server Profile: Associates the profile with a specific authentication server.
Login Attributes: Defines the user identifier attribute, such as sAMAccountName.
Username Modifier: Adjusts the username format sent to the authentication server.
Allow List: Specifies which users or groups are permitted to authenticate.
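To make the profile parameters above concrete, here is an added Python example (not from the page and not Palo Alto Networks' code) that builds the XML element for an LDAP-backed authentication profile and then audits it for the settings a reviewer would question: an allow list of "all", a missing login attribute, a username modifier that drops the typed username, and lockout left disabled. The element layout and the lockout semantics (failed-attempts 0 meaning disabled) are assumptions modelled on the shape of PAN-OS running configurations; verify them against your own firewall's configuration before using the output with the XML API.

```python
"""Build and audit a PAN-OS-style authentication-profile <entry>.

Added example; element layout is an assumption, not the vendor's schema.
"""
import xml.etree.ElementTree as ET


def auth_profile_element(name, server_profile, login_attribute="sAMAccountName",
                         username_modifier="%USERINPUT%", allow_list=("all",),
                         failed_attempts=0, lockout_time=0):
    """Return the <entry> for an LDAP authentication profile as an XML string.

    Assumed layout: method/ldap/{server-profile,login-attribute},
    username-modifier, allow-list/member, lockout/{failed-attempts,lockout-time}.
    """
    entry = ET.Element("entry", name=name)
    ldap = ET.SubElement(ET.SubElement(entry, "method"), "ldap")
    ET.SubElement(ldap, "server-profile").text = server_profile
    ET.SubElement(ldap, "login-attribute").text = login_attribute
    ET.SubElement(entry, "username-modifier").text = username_modifier
    members = ET.SubElement(entry, "allow-list")
    for member in allow_list:
        ET.SubElement(members, "member").text = member
    lockout = ET.SubElement(entry, "lockout")
    ET.SubElement(lockout, "failed-attempts").text = str(failed_attempts)
    ET.SubElement(lockout, "lockout-time").text = str(lockout_time)
    return ET.tostring(entry, encoding="unicode")


def audit_auth_profile(xml_text):
    """Return a list of findings for an <entry>; an empty list means clean."""
    entry = ET.fromstring(xml_text)
    findings = []

    # Allow List: who may authenticate through this profile at all.
    members = [m.text for m in entry.findall("./allow-list/member")]
    if not members:
        findings.append("allow-list empty: nobody can authenticate with this profile")
    elif "all" in members:
        findings.append("allow-list is 'all': every account the server knows may "
                        "authenticate; restrict it to the groups that need this portal")

    # Login Attributes: which directory attribute carries the user identifier.
    if not entry.findtext("./method/ldap/login-attribute"):
        findings.append("login-attribute missing: the firewall cannot tell which LDAP "
                        "attribute (e.g. sAMAccountName) identifies the user")

    # Username Modifier: must still contain the user's input to be meaningful.
    modifier = entry.findtext("./username-modifier") or "%USERINPUT%"
    if "%USERINPUT%" not in modifier:
        findings.append(f"username-modifier {modifier!r} drops %USERINPUT%: the typed "
                        "username never reaches the server")

    # Lockout: assumed semantics, failed-attempts 0 means no lockout.
    attempts = int(entry.findtext("./lockout/failed-attempts") or 0)
    if attempts == 0:
        findings.append("lockout disabled (failed-attempts 0): unlimited password "
                        "guesses against the portal are possible")
    return findings


if __name__ == "__main__":
    weak = auth_profile_element("ldap-weak", "corp-ldap")
    hardened = auth_profile_element(
        "ldap-corp", "corp-ldap",
        allow_list=("cn=vpn-users,ou=groups,dc=example,dc=com",),
        failed_attempts=5, lockout_time=30)
    print("weak profile:", audit_auth_profile(weak))
    print("hardened profile:", audit_auth_profile(hardened))
```

The weak profile is what you get by accepting defaults; the hardened one pins the allow list to a directory group and enables lockout. Run the audit over every authentication profile exported from the firewall rather than only the one you just created.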
Authentication Portal Redirect

The Authentication Portal provides a web-based interface for user authentication. When configured in redirect mode, the firewall intercepts HTTP/HTTPS requests and redirects them to a designated interface for authentication. This process involves:

Redirect Host: The hostname or IP address to which users are redirected for authentication.
SSL/TLS Service Profile: Ensures secure communication during the authentication process.
DNS Configuration: Proper DNS records must be in place to resolve the redirect host.
It's essential to configure the Authentication Portal correctly to ensure seamless user redirection and authentication.
User Prompt Mechanisms

Depending on the authentication method, users may be prompted in different ways:

Browser Challenge: Utilizes Kerberos SSO for transparent authentication. If Kerberos fails, it falls back to NTLM or a web form.
Web Form: Presents a login page where users enter their credentials.
Client Certificate Authentication: Uses client certificates for authentication without user interaction.
The chosen method affects the user experience and should align with organizational policies and infrastructure.
Comfort Pages

Comfort Pages are customizable web pages displayed to users during the authentication process. They provide information and instructions, enhancing the user experience. Types include:

Authentication Portal Comfort Page: Shown during initial authentication challenges.
MFA Login Page: Presented during multi-factor authentication steps.
Administrators can customize these pages to align with organizational branding and provide clear instructions to users.
Mermaid Sequence Diagram: Authentication Workflow

    sequenceDiagram
        participant User
        participant Firewall
        participant AuthServer
        User->>Firewall: Access Request
        Firewall->>User: Redirect to Authentication Portal
        User->>Firewall: Submit Credentials
        Firewall->>AuthServer: Validate Credentials
        AuthServer-->>Firewall: Authentication Response
        Firewall->>User: Grant or Deny Access
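The redirect-mode workflow from the Authentication Portal Redirect section and the sequence diagram above, as an added Python simulation (not from the page and not Palo Alto Networks' code): an unknown source IP is redirected with its original URL preserved, submitted credentials are validated against a stand-in authentication server, the allow list is enforced, and a successful login creates the IP-to-user mapping that lets later requests through. It also includes the preflight a practitioner wants before enabling redirect mode: the redirect host must have a DNS record and must appear in the SAN of the certificate bound to the SSL/TLS service profile. The DNS table, certificate SANs, directory accounts and the redirect URL format are all constructed assumptions.

```python
"""Simulation of the Authentication Portal redirect workflow.

Added example; the DNS zone, certificate SANs, accounts and redirect URL
format are constructed stand-ins, not the firewall's real behaviour.
"""
from dataclasses import dataclass, field
from urllib.parse import urlencode

# Constructed DNS zone and SSL/TLS service profile -> certificate SANs.
DNS_RECORDS = {"authportal.example.com": "10.0.0.1"}
TLS_PROFILE_SANS = {"portal-tls": ["authportal.example.com"]}


def redirect_host_preflight(redirect_host, tls_profile):
    """Return the problems that would break the redirect or trigger browser warnings."""
    problems = []
    if redirect_host not in DNS_RECORDS:
        problems.append(f"no DNS record for redirect host {redirect_host}")
    if redirect_host not in TLS_PROFILE_SANS.get(tls_profile, []):
        problems.append(f"{redirect_host} is not in the certificate SAN of "
                        f"SSL/TLS service profile {tls_profile}")
    return problems


@dataclass
class AuthServer:
    """Stand-in directory: login attribute value -> (password, groups)."""
    accounts: dict

    def validate(self, login_attr_value, password):
        """AuthServer-->>Firewall: groups on success, None on failure."""
        record = self.accounts.get(login_attr_value)
        if record is None or record[0] != password:
            return None
        return record[1]


@dataclass
class Firewall:
    redirect_host: str
    allow_list: set                      # users or groups permitted to authenticate
    username_modifier: str = "%USERINPUT%"
    auth_server: AuthServer = None
    ip_user_map: dict = field(default_factory=dict)   # learned after login

    def access_request(self, src_ip, url):
        """User->>Firewall: Access Request. Mapped IPs pass, others are redirected."""
        if src_ip in self.ip_user_map:
            return ("allow", self.ip_user_map[src_ip])
        # Constructed URL format; the original URL is carried so the user
        # lands back where they started after authenticating.
        target = f"https://{self.redirect_host}/login?" + urlencode({"url": url})
        return ("redirect", target)

    def submit_credentials(self, src_ip, username, password):
        """User->>Firewall: Submit Credentials; Firewall->>AuthServer: Validate."""
        sent = self.username_modifier.replace("%USERINPUT%", username)
        groups = self.auth_server.validate(sent, password)
        if groups is None:
            return ("deny", "invalid credentials")
        allowed = ("all" in self.allow_list or sent in self.allow_list
                   or bool(self.allow_list & set(groups)))
        if not allowed:
            return ("deny", "user not in allow list")
        self.ip_user_map[src_ip] = sent
        return ("allow", sent)


def build_demo_firewall():
    """Firewall with a constructed directory; only the vpn-users group is allowed."""
    server = AuthServer({"alice": ("alice-pw", ["vpn-users"]),
                         "bob": ("bob-pw", ["guests"])})
    return Firewall("authportal.example.com", {"vpn-users"}, auth_server=server)


if __name__ == "__main__":
    print(redirect_host_preflight("authportal.example.com", "portal-tls"))
    fw = build_demo_firewall()
    print(fw.access_request("10.1.1.5", "http://intranet/"))
    print(fw.submit_credentials("10.1.1.5", "alice", "alice-pw"))
    print(fw.access_request("10.1.1.5", "http://intranet/"))
    print(fw.submit_credentials("10.1.1.6", "bob", "bob-pw"))
```

Note that bob's credentials are valid but he is still denied: the allow list is applied after the server has answered, so a permissive allow list silently widens who can reach the network through the portal.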