Baza wiedzy
Strona główna > Asystowana Pomoc Techniczna dla Stormshield UTM > Baza wiedzy

Szukaj w bazie wiedzy:


auth

Rozwiązanie

[Config]

Anonymised=0# show an anonymised portal

SslCertificate=# When using a custom SSL certificate

SslShutdown=2# How to shutdown the SSL connection (0=send&receive&close, 2=send&close, 3=close)

HttpPort=81# Change the default http port

HttpsPort=443# Change the default https port

fileserver=0# 0 to disable fileserver, 1 to enable

ContinueOnError=1# 0 to stop methods processing on error, 1 to continue

SslParanoiac=1# 0|1 Activate the paranoiac mode on SLD portal

PercentMaxConnByIp=20# Percentage of max number of authorized connections by IP address

BruteforceState=1# Enable bruteforce protection

NbAttempt=50# Maximum numbers of attempts before being banned (if BruteforceState=1)

TimeoutBanned=300# Ban period in seconds (if BruteforceState=1)

TriesTime=60# Interval in seconds between 2 attempts before resetting the counter (if BruteforceState=1)

 

[ProfilesMap]

# Mapping between network interfaces and profile

 

[Defaults]

auth=pass authmethod=PLAIN

 

[Ruleset]

# state=on user=IT_trainee src=any auth=block authmethod=

# state=on group=IT_team src=Network_it auth=pass authmethod=KERBEROS

 

[ssl]

# This section describe the match of a certificate with a LDAP user

# The default is "emailAddress" for Certificate and "Mail" for the LDAP field

# CertificateIdentifier is case sensitive

state=0# disable/enable ssl (default is 0)

CertificateIdentifier=emailAddress       # Certificate Identifier (subject field)

LdapIdentifier=mail         # Ldap field

 

[CAVerifyList]

# List of trusted certificate authorities used for SSL authentication

 

[radius]

state=0# disable/enable radius (default is 0)

host=# RADIUS server

port=radius# Port used by the RADIUS server (default is radius)

presharedkey=# Key used for encrypting exchanges between the firewall and the RADIUS server

pencoding=UTF-8# Primary RADIUS Server password encoding

bhost=# Backup RADIUS server

bport=radius# Port used by the Backup RADIUS server (default is radius)

bpresharedkey=# Key used for encrypting exchanges between the firewall and the Backup RADIUS server

bencoding=UTF-8# Backup RADIUS Server password encoding

 

[kerberos]

state=0# disable/enable kerberos (default is 0)

realm=# Domain name assigned to the Active Directory server for the Kerberos authentication method (FQDN)

pkdc_host=# Server for the Kerberos authentication method

pkdc_port=kerberos_udp# Port used by the server (default is kerberos_udp)

bkdc_host=# Backup server for the Kerberos authentication method

bkdc_port=kerberos_udp# Port used by the backup (default is kerberos_udp)

 

[spnego]

state=0# disable/enable spnego (default is 0)

realm=# Kerberos server's domain name (this domain name corresponds to the full name of the Active Directory domain)

principal=# Name of the Kerberos service used by the firewall (obtained after the spnego)

 

[Guest]

state=0# disable/enable Guest access method (default is 0)

LogonTime=14400# number of seconds to log a guest user

DisclaimerTime=64800# Display disclaimer every 18 hours

 

[Sponsor]

state=0                 # disable/enable Sponsor access method (default is 0)

Mintime=900             # minimum authentication time (in seconds)

Maxtime=14400           # maximum authentication time (in seconds)

BruteforceState=1# Enable antispam protection

NbAttempt=5# Maximum numbers of attempts before being banned (if BruteforceState=1)

TimeoutBanned=300# Ban period in seconds (if BruteforceState=1)

TriesTime=60# Interval in seconds between 2 attempts before resetting the counter (if BruteforceState=1)

 

[Agent]

state=0# The agent activation status

DomainName=# The filter on domain recieved by the UTM. If empty, all is accepted

MScontroller=# comma separated list of host object about the Microsoft domain controller

GroupRefresh=3600# Time in second between group refresh (0, 120-2592000)

MaxLogonTime=36000# maximum time in second of the authentication

Probe=0# activate or not the user logout probing

ProbeMethod=ping# probing method (ping, registery)

ProbeTimeout=300# maximum time in second for no responding stations

AgentAddr=# the agent ip address

AgentPort=agent_ad# the port of the agent

AgentPassword=# the password of the agent

AgentBindAddr=# the ip of the source connection

AgentBindPort=# the port of the source connection

BackupAddr=# the ip of the backup agent

BackupPort=agent_ad# the port of the backup agent

BackupPassword=# the password of the backup agent

BackupBindAddr=# the ip of the source connection

BackupBindPort=# the port of the source connection

 

[Agent2]

state=0# The agent activation status

DomainName=# The filter on domain recieved by the UTM. If empty, all is accepted

MScontroller=# comma separated list of host object about the Microsoft domain controller

GroupRefresh=3600# Time in second between group refresh (0, 120-2592000)

MaxLogonTime=36000# maximum time in second of the authentication

Probe=0# activate or not the user logout probing

ProbeMethod=ping# probing method (ping, registery)

ProbeTimeout=300# maximum time in second for no responding stations

AgentAddr=# the agent ip address

AgentPort=agent_ad# the port of the agent

AgentPassword=# the password of the agent

AgentBindAddr=# the ip of the source connection

AgentBindPort=# the port of the source connection

BackupAddr=# the ip of the backup agent

BackupPort=agent_ad# the port of the backup agent

BackupPassword=# the password of the backup agent

BackupBindAddr=# the ip of the source connection

BackupBindPort=# the port of the source connection

 

[Agent3]

state=0# The agent activation status

DomainName=# The filter on domain recieved by the UTM. If empty, all is accepted

MScontroller=# comma separated list of host object about the Microsoft domain controller

GroupRefresh=3600# Time in second between group refresh (0, 120-2592000)

MaxLogonTime=36000# maximum time in second of the authentication

Probe=0# activate or not the user logout probing

ProbeMethod=ping# probing method (ping, registery)

ProbeTimeout=300# maximum time in second for no responding stations

AgentAddr=# the agent ip address

AgentPort=agent_ad# the port of the agent

AgentPassword=# the password of the agent

AgentBindAddr=# the ip of the source connection

AgentBindPort=# the port of the source connection

BackupAddr=# the ip of the backup agent

BackupPort=agent_ad# the port of the backup agent

BackupPassword=# the password of the backup agent

BackupBindAddr=# the ip of the source connection

BackupBindPort=# the port of the source connection

 

[Agent4]

state=0# The agent activation status

DomainName=# The filter on domain recieved by the UTM. If empty, all is accepted

MScontroller=# comma separated list of host object about the Microsoft domain controller

GroupRefresh=3600# Time in second between group refresh (0, 120-2592000)

MaxLogonTime=36000# maximum time in second of the authentication

Probe=0# activate or not the user logout probing

ProbeMethod=ping# probing method (ping, registery)

ProbeTimeout=300# maximum time in second for no responding stations

AgentAddr=# the agent ip address

AgentPort=agent_ad# the port of the agent

AgentPassword=# the password of the agent

AgentBindAddr=# the ip of the source connection

AgentBindPort=# the port of the source connection

BackupAddr=# the ip of the backup agent

BackupPort=agent_ad# the port of the backup agent

BackupPassword=# the password of the backup agent

BackupBindAddr=# the ip of the source connection

BackupBindPort=# the port of the source connection

 

[Agent5]

state=0# The agent activation status

DomainName=# The filter on domain recieved by the UTM. If empty, all is accepted

MScontroller=# comma separated list of host object about the Microsoft domain controller

GroupRefresh=3600# Time in second between group refresh (0, 120-2592000)

MaxLogonTime=36000# maximum time in second of the authentication

Probe=0# activate or not the user logout probing

ProbeMethod=ping# probing method (ping, registery)

ProbeTimeout=300# maximum time in second for no responding stations

AgentAddr=# the agent ip address

AgentPort=agent_ad# the port of the agent

AgentPassword=# the password of the agent

AgentBindAddr=# the ip of the source connection

AgentBindPort=# the port of the source connection

BackupAddr=# the ip of the backup agent

BackupPort=agent_ad# the port of the backup agent

BackupPassword=# the password of the backup agent

BackupBindAddr=# the ip of the source connection

BackupBindPort=# the port of the source connection

 

[AgentIgnore]

# List of uid that agent must ignore logon events

Administrator

Administrateur

 

[SslCipher]

# CipherList available in EUROPE branch and SSLParanoiac mode turned on

#ECDHE-RSA-AES128-SHA

#DHE-RSA-AES128-SHA

#ECDHE-RSA-AES128-SHA256

#DHE-RSA-AES128-SHA256

#ECDHE-RSA-AES256-SHA

#DHE-RSA-AES256-SHA

#ECDHE-RSA-AES256-SHA384

#DHE-RSA-AES256-SHA256

 
Czy ten artykuł był pomocny? tak / nie
Zależne artykuły dhcp6
dhcp
dns
system
system
Szczegóły artykułu
Identyfikator artykułu: 36
Kategoria: ./ConfigFiles
Data dodania: 17-12-2016 22:12:03
Wyświetleń: 431
Ocena (Głosy): Ocena artykułu 5.0/5.0 (1)

 
« Wstecz

Web Analytics Treści zawarte na tej stronie są własnością SerwiTECH i nie mogą być kopiowane bez pisemnej zgody SerwiTECH.