Scribd
Upload
141 views14 pages

How-To HTTP-Proxy Radius Authentication Windows IAS Server Settings-E 2

This document provides instructions for configuring HTTP proxy authentication with RADIUS to a Windows 2003 server using a Securepoint Security System version 2007nx. It involves: 1. Setting up the Internet Authentication Service (IAS) on the Windows 2003 server to handle RADIUS queries. 2. Creating network objects and firewall rules to allow internal systems to access the HTTP proxy port. 3. Configuring the HTTP proxy on the Securepoint appliance to use the Windows 2003 server for RADIUS authentication, specifying the server's IP address and shared secret key. 4. Configuring browser proxy settings to use the Securepoint as the proxy server once the configuration is saved and firewall rules updated.

Uploaded by

Candrat
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
141 views14 pages

How-To HTTP-Proxy Radius Authentication Windows IAS Server Settings-E 2

This document provides instructions for configuring HTTP proxy authentication with RADIUS to a Windows 2003 server using a Securepoint Security System version 2007nx. It involves: 1. Setting up the Internet Authentication Service (IAS) on the Windows 2003 server to handle RADIUS queries. 2. Creating network objects and firewall rules to allow internal systems to access the HTTP proxy port. 3. Configuring the HTTP proxy on the Securepoint appliance to use the Windows 2003 server for RADIUS authentication, specifying the server's IP address and shared secret key. 4. Configuring browser proxy settings to use the Securepoint as the proxy server once the configuration is saved and firewall rules updated.

Uploaded by

Candrat
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 14

How-to: HTTP-Proxy and Radius Authentication and Windows IAS Server settings

Securepoint Security System


Version 2007nx

How-to: HTTP-Proxy and Radius Authentication and Windows IAS Server settings

Securepoint Version 2007nx

HTTP proxy authentication with radius to a Windows 2003 server


The Remote Authentication Dial-In User Service (RADIUS) is a client-server-protocol which is used by users with dial-in connections to
authentication, authorization and accountig (triple A system) to a network. Securepoint Security Solutions can authenticate at a proxy
by RADIUS. MS Windows includes the program internet authenticate service (IAS), which can handle RADIUS compatible queries.
Target: The proxy of the Securepoint Security Appliance should use a MS Windows 2003 server to authenticate the user of the proxy.

page 2

How-to: HTTP-Proxy and Radius Authentication and Windows IAS Server settings

Securepoint Version 2007nx

Content
1

Configuration of the RADIUS authentication on a MS Windows 2003 Server system ............................................................. 4

1.1

Setting the internet authentication service (IAS)................................................................................................................. 4

Configuration of RADIUS authentication at the Securepoint Security Appliance................................................................... 10

2.1

Create network objects ................................................................................................................................................... 10

2.2

create firewall rules ........................................................................................................................................................ 11

2.3

configure HTTP proxy .................................................................................................................................................. 12

2.4

Browser configuration..................................................................................................................................................... 14

page 3

How-to: HTTP-Proxy and Radius Authentication and Windows IAS Server settings

Configuration of the RADIUS authentication on a MS Windows 2003 Server system

1.1

Setting the internet authentication service (IAS)

Securepoint Version 2007nx

Follow this approach:


Windows offers with the IAS a program that can handle RADIUS compatible queries. This service has to install on the Windows Server
system.
Start by using following path: Start -> Control Panel -> Add or Remove Programs -> Add/ Remove Windows Components.
Check Network Services in the window and click Details. Check Internet Authentication Service and click OK and click Next on
the previous window.

fig 1: install IAS

page 4

How-to: HTTP-Proxy and Radius Authentication and Windows IAS Server settings

Securepoint Version 2007nx

Start the configuration of IAS. You will find it by following this steps: Start -> All Programs -> Administrative Tools ->

Internet Authentication Services.


At first you have to add the IAS to the Active Directory. Right click Internet Authentication Service (local). Choose the option

register server in the active directory.

fig 2: configure IAS


The Securepoint appliance should be a RADIUS client. Right click RADIUS client -> New RADIUS Client.

fig 3: create new RADIUS client

The shown name is arbitrary. If a DNS entry for the firewall exists, you can use it in the field Client address. Otherwise you
have to insert the IP- address.

page 5

How-to: HTTP-Proxy and Radius Authentication and Windows IAS Server settings

Securepoint Version 2007nx

fig 4: define RADIUS client

The shared secret which is to insert in the following dialog is also to be insert in the Securepoint Security Appliance.

fig 5: define shared key

page 6

How-to: HTTP-Proxy and Radius Authentication and Windows IAS Server settings

Securepoint Version 2007nx

You have to modify the Remote Access (RAS) Policies. Click Remote Access Policies. In the right frame appear predefined
rules.
Right click on the second rule Connections to other access servers. This Policy should get a RAS permission. Choose

Properties from the context menu.

fig 6: predefined RAS policies

The dialog Connections to other access servers Properties appears.


Check the radio button Grant remote access permission and click Edit profile.
The dialog Edit Dial-in Profile appears. Change to the tab Advanced.

fi 7

tti

d fi

fi 8

dit

fil di l

Click Add to apply a attribute. The dialog Add Attribute appears.

page 7

How-to: HTTP-Proxy and Radius Authentication and Windows IAS Server settings

Securepoint Version 2007nx

fig 9: addable attributes


Select the attribute Service- Type and click the Add button.
In the next dialog change the attribute value to Login and click OK.
The previous dialog is no longer required and can be closed.

fig 10: attribute informations

fig 11: apply attribute

Apply the new attribute by clicking OK.


Close the previous dialog by clicking OK.

page 8

How-to: HTTP-Proxy and Radius Authentication and Windows IAS Server settings

Securepoint Version 2007nx

Every user who will login at the proxy must get dial-in access.
Go to Start -> Administrative Tools -> Active Directory Users and Computers.
Click right Users under your domain and choose Properties.
Change to tab Dial-in and set Remote Access Permission to Allow access.
Confirm your entries by click OK.

fig 12: Active Directory user properties

page 9

How-to: HTTP-Proxy and Radius Authentication and Windows IAS Server settings

Securepoint Version 2007nx

Configuration of RADIUS authentication at the Securepoint Security Appliance

2.1

Create network objects

Following this approach:


In the Securepoint Security Manager click Firewall from the menu and then network objects.
You have to create the internal Network and the internal firewall interface. Click the icon Computer.
Then Add computer dialog appears. Insert data like shown below.

fig 13: object internal net

fig 14: object internal interface

fig 15: network objects

page 10

How-to: HTTP-Proxy and Radius Authentication and Windows IAS Server settings

2.2

Securepoint Version 2007nx

create firewall rules

For using a proxy, you have to apply a firewall rule. You have to allow that the internal network uses the port of the proxy (default port
8080, service webcache) on the internal interface.
Change to the tab Rules.
Click icon New.

fig 16: add new rule

page 11

How-to: HTTP-Proxy and Radius Authentication and Windows IAS Server settings

2.3

Securepoint Version 2007nx

configure HTTP proxy

use following approach:


Click the icon Applications in the toolbar. Normally the windows start with the tab HTTP Proxy otherwise change to the tab

HTTP Proxy.
In the section General the maximal download and upload can be limited and a parent proxy can be specified. This options are ignored
in this example. Only the virus scanner is activated.

fig 17: general HTTP proxy settings

A transparent proxy should not be used because a user authentication shall be conducted.
So uncheck the option Transparent proxy in the section Transparent proxy.

page 12

How-to: HTTP-Proxy and Radius Authentication and Windows IAS Server settings

Securepoint Version 2007nx

In the section Authentication make the settings for the RADIUS server.
You have to insert the IP- address of the Windows 2003 server and the key (shared secret).

fig 18: authentication settings

In the other sections could be made more settings. Detailed informations to this configurations you will find in the manual.
When you have saved the configuration and have made a rule updated, you can set the firewall as proxy in the browser
settings.

page 13

How-to: HTTP-Proxy and Radius Authentication and Windows IAS Server settings

2.4

Securepoint Version 2007nx

Browser configuration

Use following approach:


Internet Explorer: For configuration of the proxy settings go to menu item
Tools -> Internet Options -> Connections -> LAN Settings -> Proxy server.
Mozilla Firefox: For configuration of the proxy settings go to menu item
Tools -> Options -> Advanced -> Network -> Settings

page 14

You might also like