
Agenda: Web Authentication

➢ Configure Web Authentication
• Configure Active Directory (AD)

AAA

• AAA is the abbreviation for Authentication, Authorization and Accounting. Details are as follows:
– Authentication: Authenticates users' identities.
– Authorization: Grants certain privileges according to the configuration.
– Accounting: Records the fees users should pay for their network resource usage.

• AAA server types:
– Local
– Active Directory
– LDAP
– RADIUS
– TACACS+

www.hillstonenet.com | Hillstone Confidential


Web Authentication

• Normally, the authentication function is used to identify two types of user: an Intranet user who wants to access the Internet, and an Internet user who wants to access Intranet resources.

• Web authentication is used to identify and authenticate an Intranet user who wants to access the Internet via the device.
Configuring WebAuth
Network > Authentication Management. Click WebAuth Wizard on the top right.
Web authentication authenticates 3 access methods: HTTP 80, HTTPS 443, HTTP 8080.
Editing a Policy Rule
Policy > Security Policy. To perform fine-grained access control based on users, add a
role/user/user group to the policy rule. Here is an example:
Editing a Policy Rule
Policy > Security Policy. “Role/User/User Group” matching conditions
Creating a User Account
Object > User > Local User. Click New to create a user.
Agenda: Configure Active Directory (AD)

• Configure Web Authentication
➢ Configure Active Directory (AD)

AD Server Configuration

• AD Server information:
Configure AAA Server - AD

• SG-6000(config)# aaa-server adtest type active-directory
• SG-6000(config-aaa-server)# host 192.168.1.100
• SG-6000(config-aaa-server)# base-dn DC=training,DC=hillstonenet,DC=com
• SG-6000(config-aaa-server)# login-dn cn=administrator,cn=users,DC=training,DC=hillstonenet,DC=com
• SG-6000(config-aaa-server)# login-password password
• SG-6000(config-aaa-server)# exit
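
A configuration check for the aaa-server block above, as an added example that is not part of the original slides or of Hillstone's tooling: it parses the CLI lines and flags a bind account that is the built-in administrator, a login-dn in a different domain than base-dn, and a placeholder login-password. The function names, the finding texts and the short weak-password list are assumptions made for this example.

```python
import re

PROMPT = re.compile(r"^\s*\S+\(config[^)]*\)#\s*")  # CLI prompt, e.g. "SG-6000(config)# "
WEAK = {"password", "admin", "123456", "changeme"}  # constructed sample list

def parse_aaa_server(text):
    """Return the settings of one aaa-server block as a dict."""
    cfg = {}
    for line in text.splitlines():
        words = PROMPT.sub("", line).split(None, 1)
        if len(words) < 2:                      # blank line or "exit"
            continue
        if words[0] == "aaa-server":            # aaa-server <name> type <type>
            cfg["name"], _, cfg["type"] = words[1].split()
        else:
            cfg[words[0]] = words[1].strip()
    return cfg

def rdns(dn):
    """Split a DN into lower-cased (attribute, value) pairs; escaped commas are kept."""
    pairs = [rdn.partition("=") for rdn in re.split(r"(?<!\\),", dn)]
    return [(a.strip().lower(), v.strip().lower()) for a, _, v in pairs]

def domain(dn):
    """Return the DC components of a DN, in order."""
    return [v for a, v in rdns(dn) if a == "dc"]

def audit(cfg):
    findings = []
    login_dn = cfg.get("login-dn", "")
    if rdns(login_dn)[0] == ("cn", "administrator"):
        findings.append("login-dn binds as the built-in administrator account")
    if domain(login_dn) != domain(cfg.get("base-dn", "")):
        findings.append("login-dn and base-dn are in different domains")
    if cfg.get("login-password", "").lower() in WEAK:
        findings.append("login-password is a placeholder or trivially guessable")
    return findings

# The block from the slide above, with the wrapped login-dn joined onto one line.
SLIDE_CONFIG = """\
SG-6000(config)# aaa-server adtest type active-directory
SG-6000(config-aaa-server)# host 192.168.1.100
SG-6000(config-aaa-server)# base-dn DC=training,DC=hillstonenet,DC=com
SG-6000(config-aaa-server)# login-dn cn=administrator,cn=users,DC=training,DC=hillstonenet,DC=com
SG-6000(config-aaa-server)# login-password password
SG-6000(config-aaa-server)# exit
"""

if __name__ == "__main__":
    print("\n".join(audit(parse_aaa_server(SLIDE_CONFIG))))
```

Binding with a dedicated lookup account that only has read access to the directory clears the first finding.
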
Single Sign-On (SSO) - AD Based

• Single Sign-On is a simplified type of Web authentication. It does not require the user to type any information: it checks the login information of the user's computer, and if the computer's user matches the AAA server, the user passes authentication.

• StoneOS requires that the AAA server used for SSO be an Active Directory server. All users are added to the domain.

• SSO has four login methods. They are independent of each other, but all of them achieve “no-sign-on” authentication.
– Security Agent software (installed on a server or PC)
– Installing a login script on the AD server
– Using AD server based SSO-NTLM (Edit Browser mode)
– SSO-Agent (optimized solution)
Questions

1. Which types of AAA server support Web authentication?
2. Which types of protocol traffic can be authenticated by the Web authentication function?
