17.4. Scenarios: User Authentication Configuration 139Example: Configuring a RADIUS serverAn external user authentication server can be configured by following thesteps below:WebUI :User Authentication − > External User Databases− > Add − >External User Database:GeneralName: Enter a name for the server here.Type: The only type supported currently is Radius.IP Address: Enter the IP address of the server here, or enter the symbolicname if the server’s address has previously been defined in the AddressBook.Port: 1812 (RADIUS service uses registered UDP port 1812 by default.)Retry Timeout: 2 (The firewall will resend authentication request to thesever if there is no response after the timeout, e.g. every 2 seconds. Thefirewall will retry three times as maximum.)Shared Secret: Enter a text string here for basic encryption of theRADIUS messages.Confirm Secret:Retype the string to confirm the one typed above.and then click OKExample: Enabling HTTP authentication via local userdatabaseTo enable user authentication via a Web page, first, we need to add anAllow rule in the firewall’s IP rules to let the firewall accept user’s Webbrowsing to its HTTP(TCP port 80) agent; second, we specify a userauthentication rule to tell the firewall how to perform the authentication,such as which database to take for user’s profile lookup, and also thetimeout restrictions; Third, another IP rule for dealing with servicerequests from authenticated users should be appended under the Allowrule from the first step. As explained in 14 IP Rules, all the other trafficsthat are not explicitly allowed by the IP rule, for example, theunauthenticated traffic coming from the interface where authentication isD-Link Firewalls User’s Guide
