Bernie Trompeta <[EMAIL PROTECTED]> queried the Listocracy:
>How do you configure the Sidewinder Firewall so that it will let the
>ACE/Server authentication protocol go through, i.e. proxy to use and at
>what port? I have an application that authenticates users using SecurID, but
>is separated from the ACE/Server by a Sidewinder Firewall.
Hi Bernie:
Can't think of any particular issue with Sidewinder. Your
documentation should give you the generic details on the ACE protocol used
to pass authentication calls from your ACE/Agent in the DMZ to your
ACE/Server behind the firewall, and your SSE or RSAS tech support can
quickly tell you if there are any peculiarities in the Sidewinder proxy.
The ACE/Server is addressed through a single UDP port (5500)
incoming -- but the reply link, outgoing from the ACE/Server to the
ACE/Agent, will use a locally-specified range of UDP ports.
The ACE/Agent assigns each SecurID authentication call a new port
(from the site-specified range) as it receives it, and the ACE/Server will
use those to address the ACE/Agent in the DMZ with yea or nay.
(This association between an incoming ACE/SecurID authentication
call, and a specific port on the ACE/Agent, allows the ACE/Server to
maintain a semblance of state in the interaction -- which hastens reaction
time if the user has requirements that push the ACE protocol beyond simple
authentication: New Pin, Next Token Mode, etc.)
Suerte,
_Vin
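
The port behaviour described in the reply above, modelled as a stateful UDP filter (an added example, not part of the original message and not Sidewinder configuration). It permits a reply only to an agent port that has a recent outstanding request, rather than opening the whole reply range. The addresses, the 10000-10099 range, the 30-second timeout and the assumption that the ACE/Server replies from UDP 5500 are constructed for illustration.

```python
from dataclasses import dataclass

ACE_SERVER_PORT = 5500              # from the message: single UDP port on the ACE/Server
AGENT_PORTS = range(10000, 10100)   # constructed stand-in for the site-specified range


@dataclass(frozen=True)
class Udp:
    src: str
    sport: int
    dst: str
    dport: int


class AcePolicy:
    """Allow agent -> server:5500, and replies only to a port the agent just used."""

    def __init__(self, agent, server, timeout=30.0):
        self.agent, self.server, self.timeout = agent, server, timeout
        self.pending = {}  # agent source port -> time of its last request

    def allow(self, pkt, now):
        # Drop state for ports whose last request is older than the timeout.
        self.pending = {p: t for p, t in self.pending.items()
                        if now - t <= self.timeout}
        if (pkt.src, pkt.dst, pkt.dport) == (self.agent, self.server, ACE_SERVER_PORT):
            if pkt.sport not in AGENT_PORTS:
                return False
            # Each request refreshes the entry, so a multi-step exchange
            # (New PIN, Next Token Mode) keeps using the same agent port.
            self.pending[pkt.sport] = now
            return True
        # Assumption: the ACE/Server sends its reply from UDP 5500.
        if (pkt.src, pkt.sport, pkt.dst) == (self.server, ACE_SERVER_PORT, self.agent):
            return pkt.dport in self.pending
        return False


def demo():
    agent, server = "192.0.2.10", "198.51.100.20"   # constructed addresses
    fw = AcePolicy(agent, server)
    flows = [                                        # constructed sample traffic
        (0.0, Udp(agent, 10007, server, 5500)),      # authentication request
        (1.0, Udp(server, 5500, agent, 10007)),      # reply to the requesting port
        (2.0, Udp(server, 5500, agent, 10008)),      # in range, but no request pending
        (40.0, Udp(server, 5500, agent, 10007)),     # state expired
        (41.0, Udp("203.0.113.5", 10007, server, 5500)),  # not the ACE/Agent
    ]
    return [fw.allow(pkt, t) for t, pkt in flows]
```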