RSA Security 1.6.3 manual

1
2
3
4
5
6
7
8
9
10
11

Go to page of

A good user manual

The rules should oblige the seller to give the purchaser an operating instrucion of RSA Security 1.6.3, along with an item. The lack of an instruction or false information given to customer shall constitute grounds to apply for a complaint because of nonconformity of goods with the contract. In accordance with the law, a customer can receive an instruction in non-paper form; lately graphic and electronic forms of the manuals, as well as instructional videos have been majorly used. A necessary precondition for this is the unmistakable, legible character of an instruction.

What is an instruction?

The term originates from the Latin word „instructio”, which means organizing. Therefore, in an instruction of RSA Security 1.6.3 one could find a process description. An instruction's purpose is to teach, to ease the start-up and an item's use or performance of certain activities. An instruction is a compilation of information about an item/a service, it is a clue.

Unfortunately, only a few customers devote their time to read an instruction of RSA Security 1.6.3. A good user manual introduces us to a number of additional functionalities of the purchased item, and also helps us to avoid the formation of most of the defects.

What should a perfect user manual contain?

First and foremost, an user manual of RSA Security 1.6.3 should contain:
- informations concerning technical data of RSA Security 1.6.3
- name of the manufacturer and a year of construction of the RSA Security 1.6.3 item
- rules of operation, control and maintenance of the RSA Security 1.6.3 item
- safety signs and mark certificates which confirm compatibility with appropriate standards

Why don't we read the manuals?

Usually it results from the lack of time and certainty about functionalities of purchased items. Unfortunately, networking and start-up of RSA Security 1.6.3 alone are not enough. An instruction contains a number of clues concerning respective functionalities, safety rules, maintenance methods (what means should be used), eventual defects of RSA Security 1.6.3, and methods of problem resolution. Eventually, when one still can't find the answer to his problems, he will be directed to the RSA Security service. Lately animated manuals and instructional videos are quite popular among customers. These kinds of user manuals are effective; they assure that a customer will familiarize himself with the whole material, and won't skip complicated, technical information of RSA Security 1.6.3.

Why one should read the manuals?

It is mostly in the manuals where we will find the details concerning construction and possibility of the RSA Security 1.6.3 item, and its use of respective accessory, as well as information concerning all the functions and facilities.

After a successful purchase of an item one should find a moment and get to know with every part of an instruction. Currently the manuals are carefully prearranged and translated, so they could be fully understood by its users. The manuals will serve as an informational aid.

Table of contents for the manual

  • Page 1

    1 RSA SecurID Ready Implement ation Guide Last Modified November 29, 2001 1. Partner Information Partner Name Stonesoft Corp. Web Site www.stonesoft.com Product Name StoneGate Firewall Version & Platform Version 1.6.3 Product Description StoneGate is the first firewall and VPN solution offering high security, high performance and availability. [...]

  • Page 2

    2 3. Solution Summary Feature Details Authentication Methods S upported RADIUS, TACACS+. ACE/Agent Library Version N/A ACE 5 Locking N/A Replica ACE/Server Support N/A Secondary RADIUS/TACACS+ Server Support Yes (up to 10 supported) Location of Node Secret on Client None stored ACE/Server Agent Host Type UNIX Agent SecurID User Specification Design[...]

  • Page 3

    3 4. Product Requirement s • Hardware requirements Component Name: StoneGate Management system CPU make/speed required Pentium processor, suggested minimum processor speed 500 MHz Memory 128 MB minimum, 256 MB or more recommended HD space 4GB for evaluation (20 GB or more for production use). Component Name: StoneGate Firewall Engine CPU make/spe[...]

  • Page 4

    4 5. Partner ACE/Agent configuration Supported authentication types with RSA SecurID product Client-initiated authentication Client initiated authentication means that the user starts the authentication process. It can be done with two tools: Authentication Client software (part of StoneGate VPN Client software) or using Telnet to connect to the fi[...]

  • Page 5

    5 StoneGate Firewall / RSA SecurID Configuration – User Authentication The following steps can be carried out using the Stonegate User Manager GUI: • Create an Authentication service (type can be Radius or Tacacs+). • Create Authentication Server/Servers with correct type.[...]

  • Page 6

    6 • All Created Authentication Servers must be bound to the Authentication Service. Having created your Service(s) and Server(s), you must now create users within the StoneGate user Database. If you want to use ACE/Server authentication as your default Authentication Service for all users, create a special user with the UserN ame: *external* with[...]

  • Page 7

    7 Using this generic method of authentication, *external* is the only user you will be required to create within the StoneGate user database. If there is a need to configure Authentication Services on a per user basis, it can be done by creating individual user records within the StoneGate user database and binding them to the appropriate Authentic[...]

  • Page 8

    8 Example SecurID enabled login sequences Firewall initiated authentication with ACE/Server user account set to New PIN-mode.[...]

  • Page 9

    9[...]

  • Page 10

    10 6. Certification Checklist Date Tested: November 22, 2001 Product Tested Version ACE/Server 5.0.1 ACE/Agent N/A StoneGate firewall & VPN Client 1.6.3 Test ACE RADIUS 1 st time auth. (node secret creation) N/A N/A New PIN mode: System-generated Non-PINPAD token N/A P PINPAD token N/A P User-defined (4-8 alphanumeric) Non-PINPAD token N/A P Pa[...]

  • Page 11

    11 7. Known Issues • If a clustered StoneGate firewall solution is used with RSA SecurID then an Agent Host entry must be defined within the ACE/Server database for each firewall cluster member. • The Firewall cluster members share configured authentication service/server information. As a result of this when configuring Agents Hosts on the ACE[...]