turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
If I understand your scenario correctly, there is no authentication server or setup needed at all in the SSG for your web server.
You are protecting a web site. The process will work like this:
- when the page load comes to the Microsoft IIS server
- IIS needs to be configured to forward that request over to Crypto-MAS
- Once authenticated, Crypto-MAS returns the session to IIS as authorized
On the SSG firewall you need these configurations setup:
- you will forward web traffic to the Microsoft IIS server normally
- You will need firwall rules to allow outbound connections from the IIS server to Crypto-MAS. These will be covered if you have a normal allow all from the IIS server zone to the internet untrust setup that allows web access from that server
- You will need a firewall rule from the Crypto-MAS server IPs to the IIS server for whatever ports they use in the communcations. It looks like they use RADIUS so the port would be 1645 & 1646 but you will need their documenation on the IIS setup to confirm where the communcations occur.
The authentication server setup on the SSG is only needed if you are using Crypto-MAS as the authentication for your administrative access to the SSG instead of the build in login database.
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.
