auth

[Config]

# Global settings of the authentication portal: listening ports, TLS behaviour,
# per-address connection limit and brute-force protection.
# NOTE(review): every value in this file is followed directly by a '#' comment.
# That relies on the consuming parser stripping inline comments; a generic INI
# parser would keep the comment text as part of the value.
Anonymised=0# show an anonymised portal

# Empty in this listing, so no custom certificate is configured here.
SslCertificate=# When using a custom SSL certificate

SslShutdown=2# How to shutdown the SSL connection (0=send&receive&close, 2=send&close, 3=close)

# NOTE(review): a cleartext HTTP port is defined next to HttpsPort; confirm it
# never accepts credentials (presumably it only redirects to HTTPS - verify).
HttpPort=81# Change the default http port

HttpsPort=443# Change the default https port

fileserver=0# 0 to disable fileserver, 1 to enable

# NOTE(review): with 1, processing continues with the remaining methods after
# one of them errors; check that this cannot fall through to a weaker
# authentication method than intended.
ContinueOnError=1# 0 to stop methods processing on error, 1 to continue

# Paranoiac mode is on; the comment in [SslCipher] ties its cipher list to this mode.
SslParanoiac=1# 0|1 Activate the paranoiac mode on SLD portal

PercentMaxConnByIp=20# Percentage of max number of authorized connections by IP address

# Brute-force protection is enabled. With the values below a client is banned
# for 300 s only after 50 attempts (presumably counted per source address - confirm).
# NOTE(review): 50 is ten times the [Sponsor] limit (NbAttempt=5); lower it
# unless many users legitimately share one source address.
BruteforceState=1# Enable bruteforce protection

NbAttempt=50# Maximum numbers of attempts before being banned (if BruteforceState=1)

TimeoutBanned=300# Ban period in seconds (if BruteforceState=1)

TriesTime=60# Interval in seconds between 2 attempts before resetting the counter (if BruteforceState=1)

 

[ProfilesMap]

# Mapping between network interfaces and profile
# Empty in this listing: no interface-to-profile mapping is defined.

 

[Defaults]

# Default decision: authentication is allowed (auth=pass) with the PLAIN method.
# Presumably applied when no [Ruleset] entry matches - confirm.
# NOTE(review): both [Ruleset] entries in this listing are commented out, so
# this default appears to be the only policy in effect. If PLAIN means a
# password typed into the portal, its protection rests on the portal's TLS settings.
auth=pass authmethod=PLAIN

 

[Ruleset]

# Both entries below are commented-out examples; no rule is active in this listing.
# Fields shown by the examples: state, user or group, src, auth (pass|block), authmethod.
# NOTE(review): evaluation order is not stated here - presumably first match wins;
# confirm before placing a block rule after a broader pass rule.
# state=on user=IT_trainee src=any auth=block authmethod=

# state=on group=IT_team src=Network_it auth=pass authmethod=KERBEROS

 

[ssl]

# This section describes how a client certificate is matched to an LDAP user

# The default is "emailAddress" for Certificate and "Mail" for the LDAP field

# CertificateIdentifier is case sensitive

# NOTE(review): the identity is taken from a subject field of the certificate,
# so it is only as trustworthy as the issuing CA's validation of that field.
# List in [CAVerifyList] only CAs that verify emailAddress before issuing.
state=0# disable/enable ssl (default is 0)

CertificateIdentifier=emailAddress       # Certificate Identifier (subject field)

LdapIdentifier=mail         # Ldap field

 

[CAVerifyList]

# List of trusted certificate authorities used for SSL authentication
# Empty in this listing: no CA is trusted for certificate authentication
# ([ssl] state=0, so the method is disabled anyway).

 

[radius]

# RADIUS authentication against a primary server and a backup ("b"-prefixed keys).
# Disabled in this listing (state=0); hosts and keys are empty.
state=0# disable/enable radius (default is 0)

host=# RADIUS server

# "radius" is a symbolic name, not a number; presumably resolved to a service
# object or port by the firewall - confirm.
port=radius# Port used by the RADIUS server (default is radius)

# Secret stored as a plain value in this file: restrict read access to the file
# and scrub it before sharing the configuration.
# NOTE(review): in standard RADIUS (RFC 2865) the shared secret only hides the
# User-Password attribute and authenticates replies; the rest of the packet is
# cleartext. Use a long random key and keep the path to the server on a trusted network.
presharedkey=# Key used for encrypting exchanges between the firewall and the RADIUS server

pencoding=UTF-8# Primary RADIUS Server password encoding

bhost=# Backup RADIUS server

bport=radius# Port used by the Backup RADIUS server (default is radius)

# Same handling as presharedkey; use a key distinct from the primary server's
# so that one leak does not expose both.
bpresharedkey=# Key used for encrypting exchanges between the firewall and the Backup RADIUS server

bencoding=UTF-8# Backup RADIUS Server password encoding

 

[kerberos]

# Kerberos authentication against a primary KDC (pkdc_*) and a backup KDC (bkdc_*).
# Disabled in this listing (state=0); realm and hosts are empty.
state=0# disable/enable kerberos (default is 0)

realm=# Domain name assigned to the Active Directory server for the Kerberos authentication method (FQDN)

pkdc_host=# Server for the Kerberos authentication method

# "kerberos_udp" is a symbolic name, not a number; presumably resolved to a
# service object by the firewall - confirm.
pkdc_port=kerberos_udp# Port used by the server (default is kerberos_udp)

bkdc_host=# Backup server for the Kerberos authentication method

bkdc_port=kerberos_udp# Port used by the backup (default is kerberos_udp)

 

[spnego]

# SPNEGO authentication tied to a Kerberos realm and service principal.
# Disabled in this listing (state=0); realm and principal are empty.
state=0# disable/enable spnego (default is 0)

realm=# Kerberos server's domain name (this domain name corresponds to the full name of the Active Directory domain)

# NOTE(review): a service principal normally comes with key material generated
# on the directory side; this file shows no key for it, so it is presumably
# stored elsewhere - confirm where, and protect it like a password.
principal=# Name of the Kerberos service used by the firewall (obtained after the spnego)

 

[Guest]

# Guest access method, disabled in this listing (state=0).
# LogonTime=14400 s is 4 h; DisclaimerTime=64800 s is 18 h, as the inline comment says.
# NOTE(review): no credential key appears in this section, so a guest session is
# presumably attributable only to its source address - confirm before enabling.
state=0# disable/enable Guest access method (default is 0)

LogonTime=14400# number of seconds to log a guest user

DisclaimerTime=64800# Display disclaimer every 18 hours

 

[Sponsor]

# Sponsor access method, disabled in this listing (state=0).
# Mintime=900 s is 15 min; Maxtime=14400 s is 4 h.
state=0                 # disable/enable Sponsor access method (default is 0)

Mintime=900             # minimum authentication time (in seconds)

Maxtime=14400           # maximum authentication time (in seconds)

# Same four keys as the brute-force block in [Config], described here as
# antispam protection: ban for 300 s after 5 attempts, counter reset after 60 s.
BruteforceState=1# Enable antispam protection

NbAttempt=5# Maximum numbers of attempts before being banned (if BruteforceState=1)

TimeoutBanned=300# Ban period in seconds (if BruteforceState=1)

TriesTime=60# Interval in seconds between 2 attempts before resetting the counter (if BruteforceState=1)

 

[Agent]

# Settings for an agent that, per the inline comments, works with Microsoft
# domain controllers and tracks user logon/logout. A backup agent is described
# by the Backup* keys. Disabled in this listing (state=0).
state=0# The agent activation status

# NOTE(review): empty means events for any domain are accepted (see inline
# comment); set it when enabling the agent to restrict it to the expected domain.
DomainName=# The filter on domain recieved by the UTM. If empty, all is accepted

MScontroller=# comma separated list of host object about the Microsoft domain controller

# 3600 s is 1 h.
GroupRefresh=3600# Time in second between group refresh (0, 120-2592000)

# 36000 s is 10 h.
MaxLogonTime=36000# maximum time in second of the authentication

Probe=0# activate or not the user logout probing

# NOTE(review): "registery" in the inline comment looks like a misspelling of
# "registry"; confirm the exact token the parser accepts before using it.
ProbeMethod=ping# probing method (ping, registery)

ProbeTimeout=300# maximum time in second for no responding stations

AgentAddr=# the agent ip address

AgentPort=agent_ad# the port of the agent

# Secret stored as a plain value in this file (empty here): restrict read access
# to the file and scrub it before sharing the configuration.
AgentPassword=# the password of the agent

AgentBindAddr=# the ip of the source connection

AgentBindPort=# the port of the source connection

BackupAddr=# the ip of the backup agent

BackupPort=agent_ad# the port of the backup agent

# Secret stored as a plain value, same handling as AgentPassword.
BackupPassword=# the password of the backup agent

BackupBindAddr=# the ip of the source connection

BackupBindPort=# the port of the source connection

 

[Agent2]

# Same key set as [Agent]; presumably a second agent instance - confirm.
# Disabled in this listing (state=0).
state=0# The agent activation status

# NOTE(review): empty means events for any domain are accepted (see inline
# comment); set it when enabling the agent to restrict it to the expected domain.
DomainName=# The filter on domain recieved by the UTM. If empty, all is accepted

MScontroller=# comma separated list of host object about the Microsoft domain controller

# 3600 s is 1 h.
GroupRefresh=3600# Time in second between group refresh (0, 120-2592000)

# 36000 s is 10 h.
MaxLogonTime=36000# maximum time in second of the authentication

Probe=0# activate or not the user logout probing

# NOTE(review): "registery" looks like a misspelling of "registry"; confirm the
# exact token the parser accepts before using it.
ProbeMethod=ping# probing method (ping, registery)

ProbeTimeout=300# maximum time in second for no responding stations

AgentAddr=# the agent ip address

AgentPort=agent_ad# the port of the agent

# Secret stored as a plain value in this file (empty here): restrict read access
# to the file and scrub it before sharing the configuration.
AgentPassword=# the password of the agent

AgentBindAddr=# the ip of the source connection

AgentBindPort=# the port of the source connection

BackupAddr=# the ip of the backup agent

BackupPort=agent_ad# the port of the backup agent

# Secret stored as a plain value, same handling as AgentPassword.
BackupPassword=# the password of the backup agent

BackupBindAddr=# the ip of the source connection

BackupBindPort=# the port of the source connection

 

[Agent3]

# Same key set as [Agent]; presumably a third agent instance - confirm.
# Disabled in this listing (state=0).
state=0# The agent activation status

# NOTE(review): empty means events for any domain are accepted (see inline
# comment); set it when enabling the agent to restrict it to the expected domain.
DomainName=# The filter on domain recieved by the UTM. If empty, all is accepted

MScontroller=# comma separated list of host object about the Microsoft domain controller

# 3600 s is 1 h.
GroupRefresh=3600# Time in second between group refresh (0, 120-2592000)

# 36000 s is 10 h.
MaxLogonTime=36000# maximum time in second of the authentication

Probe=0# activate or not the user logout probing

# NOTE(review): "registery" looks like a misspelling of "registry"; confirm the
# exact token the parser accepts before using it.
ProbeMethod=ping# probing method (ping, registery)

ProbeTimeout=300# maximum time in second for no responding stations

AgentAddr=# the agent ip address

AgentPort=agent_ad# the port of the agent

# Secret stored as a plain value in this file (empty here): restrict read access
# to the file and scrub it before sharing the configuration.
AgentPassword=# the password of the agent

AgentBindAddr=# the ip of the source connection

AgentBindPort=# the port of the source connection

BackupAddr=# the ip of the backup agent

BackupPort=agent_ad# the port of the backup agent

# Secret stored as a plain value, same handling as AgentPassword.
BackupPassword=# the password of the backup agent

BackupBindAddr=# the ip of the source connection

BackupBindPort=# the port of the source connection

 

[Agent4]

# Same key set as [Agent]; presumably a fourth agent instance - confirm.
# Disabled in this listing (state=0).
state=0# The agent activation status

# NOTE(review): empty means events for any domain are accepted (see inline
# comment); set it when enabling the agent to restrict it to the expected domain.
DomainName=# The filter on domain recieved by the UTM. If empty, all is accepted

MScontroller=# comma separated list of host object about the Microsoft domain controller

# 3600 s is 1 h.
GroupRefresh=3600# Time in second between group refresh (0, 120-2592000)

# 36000 s is 10 h.
MaxLogonTime=36000# maximum time in second of the authentication

Probe=0# activate or not the user logout probing

# NOTE(review): "registery" looks like a misspelling of "registry"; confirm the
# exact token the parser accepts before using it.
ProbeMethod=ping# probing method (ping, registery)

ProbeTimeout=300# maximum time in second for no responding stations

AgentAddr=# the agent ip address

AgentPort=agent_ad# the port of the agent

# Secret stored as a plain value in this file (empty here): restrict read access
# to the file and scrub it before sharing the configuration.
AgentPassword=# the password of the agent

AgentBindAddr=# the ip of the source connection

AgentBindPort=# the port of the source connection

BackupAddr=# the ip of the backup agent

BackupPort=agent_ad# the port of the backup agent

# Secret stored as a plain value, same handling as AgentPassword.
BackupPassword=# the password of the backup agent

BackupBindAddr=# the ip of the source connection

BackupBindPort=# the port of the source connection

 

[Agent5]

# Same key set as [Agent]; presumably a fifth agent instance - confirm.
# Disabled in this listing (state=0).
state=0# The agent activation status

# NOTE(review): empty means events for any domain are accepted (see inline
# comment); set it when enabling the agent to restrict it to the expected domain.
DomainName=# The filter on domain recieved by the UTM. If empty, all is accepted

MScontroller=# comma separated list of host object about the Microsoft domain controller

# 3600 s is 1 h.
GroupRefresh=3600# Time in second between group refresh (0, 120-2592000)

# 36000 s is 10 h.
MaxLogonTime=36000# maximum time in second of the authentication

Probe=0# activate or not the user logout probing

# NOTE(review): "registery" looks like a misspelling of "registry"; confirm the
# exact token the parser accepts before using it.
ProbeMethod=ping# probing method (ping, registery)

ProbeTimeout=300# maximum time in second for no responding stations

AgentAddr=# the agent ip address

AgentPort=agent_ad# the port of the agent

# Secret stored as a plain value in this file (empty here): restrict read access
# to the file and scrub it before sharing the configuration.
AgentPassword=# the password of the agent

AgentBindAddr=# the ip of the source connection

AgentBindPort=# the port of the source connection

BackupAddr=# the ip of the backup agent

BackupPort=agent_ad# the port of the backup agent

# Secret stored as a plain value, same handling as AgentPassword.
BackupPassword=# the password of the backup agent

BackupBindAddr=# the ip of the source connection

BackupBindPort=# the port of the source connection

 

[AgentIgnore]

# List of uid that agent must ignore logon events
# Entries are bare names, one per line, with no '=' - this relies on the
# consuming parser accepting value-less lines.
# The two entries are the English and French spellings of the built-in
# administrator account name. Presumably they are ignored so that an
# administrative logon on a workstation does not replace the mapping of that
# station's regular user - confirm; renamed or additional admin accounts would
# need their own entries.
Administrator

Administrateur

 

[SslCipher]

# CipherList available in EUROPE branch and SSLParanoiac mode turned on
# Every suite below is commented out, so this section sets no explicit cipher
# list in this listing; what is negotiated is then left to the product's
# defaults - confirm what those are.
# NOTE(review): all eight names are RSA-authenticated suites with ECDHE or DHE
# key exchange (forward secrecy) and AES in CBC mode with an HMAC; none is an
# AEAD (GCM) suite. Check whether the firmware in use offers GCM suites and
# which TLS protocol versions the portal accepts.

#ECDHE-RSA-AES128-SHA

#DHE-RSA-AES128-SHA

#ECDHE-RSA-AES128-SHA256

#DHE-RSA-AES128-SHA256

#ECDHE-RSA-AES256-SHA

#DHE-RSA-AES256-SHA

#ECDHE-RSA-AES256-SHA384

#DHE-RSA-AES256-SHA256
