Check Point NG VPN-1/FireWall-1: Advanced Configuration and Troubleshooting

"Who is coming through my firewall?" is one of the most frequently asked questions in the security space today. Managing access through FireWall-1 has not always been glamorous or even exciting. With NG, most of the issues relating to authentication and user management are diminished: users can now be managed in a centralized Lightweight Directory Access Protocol (LDAP) database that holds all of the security rules and access information, and that directory can be used to authenticate users through FireWall-1. With this support comes the ability to use Microsoft Active Directory (AD) integration for shops that use AD exclusively.
This chapter walks you through the use of LDAP, MS-AD, RADIUS, and TACACS+ integration for user authentication. The primary focus is how to integrate the components, not how to manage the users. User management is accomplished in the source directory (LDAP), not in FireWall-1. For readers who used the old account management client, it is now integrated into the SmartDashboard.
This chapter also points out some pitfalls and other ideas that you might want to use to make your administration of users against a centralized directory less of a headache. Today most organizations can create Web sites that enable end users to modify or change their passwords; we discuss integrating this feature to make your deployment of user authentication and centralized user management a reality. Overall, these features will assist any organization that seeks to adopt a more centralized security and authentication model.