Chat now with support
Chat with Support

Defender 6.6 - Administration Guide

Getting started Managing Defender objects in Active Directory Configuring security tokens Securing VPN access Securing Web sites Securing Windows-based computers Defender Management Portal (Web interface) Securing PAM-enabled services Delegating Defender roles, tasks, and functions Automating administrative tasks Administrative templates Integration with Active Roles Push Notifications Appendices
Appendix A: Enabling diagnostic logging Appendix B: Troubleshooting common authentication issues Appendix C: Troubleshooting DIGIPASS token issues Appendix D: Defender classes and attributes in Active Directory Appendix E: Defender Event Log messages Appendix F: Defender Client SDK Appendix G: Defender Web Service API

Using Defender VPN Integrator

Defender VPN Integrator is a tool that makes it very easy for remote users to utilize all the benefits of both VPN technology and the secure, two-factor authentication provided by Defender. Defender VPN Integrator simplifies the authentication process by integrating with the installed Defender Soft Token for Windows.

The Defender VPN Integrator is installed and configured on the end-user’s desktop, along with the Soft Token for Windows. When the user initiates a Defender protected VPN connection, VPN Integrator communicates between the Defender Soft Token for Windows and the third-party VPN client, to ensure that the secure, one-time password authentication process is handled automatically. The entire operation is seamless and very fast—only the passphrase for the Defender Soft Token for Windows is required from the user.

The guide describes how to install and configure Defender VPN Integrator within your environment.

Installing Defender VPN Integrator

To install Defender VPN Integrator

  1. Run the DefenderVPNIntegrator.exe file supplied in the Defender distribution package.
  2. Complete the wizard that starts to install the Defender VPN Integrator.

You may be prompted to restart your computer. When you complete the installation, Defender VPN Integrator runs as a service.

If an earlier version of Defender VPN Integrator is installed on your computer, you first need to uninstall the earlier version. Depending upon your version of the Windows operating system, use Programs and Features or Add or Remove Programs in Control Panel to uninstall the earlier version of Defender VPN Integrator. After uninstall, you may be prompted to restart your computer. When finished, run DefenderVPNIntegrator.exe to install the new version of Defender VPN Integrator.

Configuring Defender VPN Integrator

The Defender VPN Integrator does not include a configuration interface. For this reason, you have to make all configuration changes in the pgwc.ini configuration file which you can find in the following location:

%ProgramFiles%\One Identity\Defender\VPN Integrator

A number of sample .ini files are supplied with new installation. You will need to rename the .ini file suitable for your VPN Client to pgwc.ini. If you make any changes to the pgwc.ini file, log off from the computer and then log back on again for the changes to take effect.

You may need to modify the pgwc.ini file to work with your particular VPN client, for example, the Window title= line should include the title displayed on your VPN client window.

Defender EAP Agent

A VPN is an extension of a private network that encompasses links across shared or public networks like the Internet. VPN connections leverage the IP connectivity of the Internet using a combination of tunneling and encryption to securely connect two remote points, such as a remote worker and their office base.

Extensible Authentication Protocol (EAP) is a general protocol for authentication that also supports multiple authentication methods, such as Kerberos, token cards, one-time passwords, certificates, public key authentication, and smart cards.

Defender utilizes the EAP protocol to integrate its two-factor authentication into the existing user authentication process. The Defender EAP Agent supports Microsoft Remote Access clients and servers for both dial-up and VPN (PPTP and L2TP/IPSec) (implemented as an extension to PPP).

The Defender EAP Agent must be installed on the VPN server and VPN client computer.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating