Cisco Security Appliance Command Line Configuration Guide
OL-10088-01
Chapter 13 Configuring AAA Servers and the Local Database
Using certificates
If user digital certificates are configured, the security appliance first validates the certificate. It does not,
however, use any of the DNs from the certificate as a username for authentication; the username always comes from
the login credentials when authentication is enabled.
If both authentication and authorization are enabled, the security appliance uses the user login
credentials for both user authentication and authorization.
• Authentication
  – Enabled by authentication server group setting
  – Uses the username and password as credentials
• Authorization
  – Enabled by authorization server group setting
  – Uses the username as a credential
If authentication is disabled and authorization is enabled, the security appliance uses the value of the
certificate's primary DN field as the username for authorization.
• Authentication
  – DISABLED (set to None) by authentication server group setting
  – No credentials used
• Authorization
  – Enabled by authorization server group setting
  – Uses the value of the certificate primary DN field as the username credential
Note If the primary DN field is not present in the certificate, the security appliance uses the secondary DN
field value as the username for the authorization request.
For example, consider a user certificate that contains the following Subject DN fields and values:
CN=anyuser,OU=sales,O=XYZCorporation,L=boston,S=mass,C=us,EA=anyuser@example.com.
If the Primary DN = EA (E-mail Address) and the Secondary DN = CN (Common Name), the username used in the
authorization request is anyuser@example.com. If the same certificate carried no EA field, the secondary DN
field would be used and the username would be anyuser.
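The username selection described above, as an added example written for this page rather than Cisco code: it parses a Subject DN string, applies the primary-then-secondary DN field order when authentication is disabled, and returns the login username instead when authentication is enabled. The function names, the DN strings (constructed for the example), and the result when neither DN field is present (None, to be treated as an authorization failure) are assumptions, not behaviour stated on the page.

```python
"""Derive the AAA authorization username from a user certificate's Subject DN.

Added illustration, not Cisco code. Behaviour modelled on the page:
  - authentication enabled  -> the login username is used, never a DN field
  - authentication disabled -> the primary DN field, else the secondary DN field
Assumption: if neither DN field is present, None is returned and the caller
must fail the authorization request.
"""
from typing import Optional


def parse_subject_dn(dn: str) -> dict:
    """Split a comma-separated Subject DN string into {TYPE: value}.

    Attribute types are uppercased so 'cn=' and 'CN=' match. Backslash-escaped
    commas (RFC 4514 style, e.g. 'CN=Smith\\, John') stay inside the value.
    Assumption: if a type appears more than once, the first occurrence wins.
    """
    fields = {}
    parts, buf = [], []
    i = 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):      # escaped character: keep literal
            buf.append(dn[i + 1])
            i += 2
            continue
        if ch == ",":                           # unescaped comma ends an RDN
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    parts.append("".join(buf))
    for part in parts:
        part = part.strip()
        if not part or "=" not in part:
            continue
        attr, value = part.split("=", 1)
        fields.setdefault(attr.strip().upper(), value.strip())
    return fields


def authorization_username(subject_dn: str, primary: str, secondary: str,
                           authentication_enabled: bool = False,
                           login_username: Optional[str] = None) -> Optional[str]:
    """Return the username placed in the authorization request.

    primary/secondary are DN attribute types such as 'EA' or 'CN'. When
    authentication is enabled the certificate is only validated; the username
    is the one the user logged in with.
    """
    if authentication_enabled:
        if not login_username:
            raise ValueError("authentication enabled but no login username supplied")
        return login_username
    fields = parse_subject_dn(subject_dn)
    for attr in (primary.upper(), secondary.upper()):
        if attr in fields:
            return fields[attr]
    return None   # assumption: neither field present -> authorization must fail


if __name__ == "__main__":
    # Constructed DN matching the page's example, plus a variant with no EA field.
    full_dn = "CN=anyuser,OU=sales,O=XYZCorporation,L=boston,S=mass,C=us,EA=anyuser@example.com"
    no_ea_dn = "CN=anyuser,OU=sales,O=XYZCorporation,L=boston,S=mass,C=us"
    print(authorization_username(full_dn, "EA", "CN"))    # anyuser@example.com
    print(authorization_username(no_ea_dn, "EA", "CN"))   # anyuser (secondary DN field)
    print(authorization_username(full_dn, "EA", "CN",
                                 authentication_enabled=True,
                                 login_username="jdoe"))  # jdoe (login credentials win)
```

The parser is deliberately strict about the comma separator: a DN written with mixed separators, as in some printed examples, would not split correctly, so normalize the string before calling it.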
Supporting a Zone Labs Integrity Server
This section introduces the Zone Labs Integrity Server, also called Check Point Integrity Server, and
presents an example procedure for configuring the security appliance to support the Zone Labs Integrity
Server. The Integrity Server is a central management station for configuring and enforcing security
policies on remote PCs. If a remote PC does not conform to the security policy dictated by the Integrity
Server, it will not be granted access to the private network protected by the Integrity Server and security
appliance.
This section includes the following topics:
• Overview of Integrity Server and Security Appliance Interaction, page 13-17
• Configuring Integrity Server Support, page 13-17