Introduction

User authentication is probably one of the two most important aspects of the Netscreen firewall. Without a method of providing for the authentication of users, the firewall would lack the ability to limit who has access to administrative features or virtual private networks (VPNs). By providing a set of strong user authentication capabilities, the Netscreen firewall helps secure your network. The Netscreen firewall also provides a balance between security and ease-of-use via the many features supported in its authentication mechanisms.

User authentication on the Netscreen firewall can at first seem like a daunting task. With five types of supported users, four ways to store the users one internal, and three external and limitations that exist only for some of the users, it's no wonder it seems confusing.

In this chapter, we will discuss the types of users and how they should be used. We will discuss the types of authentication servers, the features that each authentication user has and what limitations you should be aware of. Finally, we will show you how to set up users, authentication servers, and more by using both Netscreen's WebUI and the CLI (command line interface).

Types of Users

The Netscreen authentication system has the following different types of users:

• IKE (Internet Key Exchange)

• Auth

• XAUTH

• L2TP

• Admin

Each different type of user has specific capabilities associated with its use. In the next section, we will discuss the types of users further and what their uses can or should be.