返回
-
标题
Proxy authentication Requests between Defender Security Servers -
说明
There is a requirement to forward authentication requests received by the Defender Security Server (DSS) to another DSS located on a different trusted domain.
What are the required steps to configure this? -
解决办法
To enable Defender to pass authentication requests to another Defender Security Server (DSS) two Access Nodes need to configured as follows:
1. On the Target Domain DSS receiving the Authentication requests create a new Access Node. This needs to be configured as follows:
IP Address - Address of Destination Domain DSS
Subnet Mask - 255.255.255.255
Auth Port - Use an available port e.g. 6001
Node Type - Radius Proxy
Shared Secret - Set as appropriate
- Assign this Access Node to the DSS receiving the request you wish to forward requests on from.
- Leave both the "Members" and "Policy" tabs blank as this will be handled by the destination Access Node.
2. On the Destination Domain DSS create an Access Node to receive this traffic. This needs to be configured as follows:
IP Address - Address of Forwarding Domain DSS
Subnet Mask - 255.255.255.255
Auth Port - Use the port specified e.g. 6001
Node Type - Radius Agent
Shared Secret - Set as appropriate
- Assign this to the node to the DSS receiving the proxy traffic.
- On the "Members" tab add the required groups/members for this domain. This can be copied this from the existing Access Node used to control access to this domain. On the "Policy" tab set the relevant policy. This can also be taken from an existing Access Node for this Domain.