Sangfor Community»Categories General Activity & Notice [Ended] Round 5 | Technical Document Scavenger Hunt

[Ended] Round 5 | Technical Document Scavenger Hunt

views: 1020 | comments: 15 | added to Favorites 0
Lights on | 提示:支持键盘翻页<-左 右->
    组图打开中,请稍候......
Created: 2024-Oct-08 11:20

Summary:

Dear members,We are excited to announce the launch of our Technical Document Scavenger Hunt! This activity aims to encourage all users to dive deeper into our newly published technical document in th ...

Reply

Rotring Posted 2024-Oct-09 23:35
Q1
Summary:
Auth Method: Choose based on the authentication infrastructure (Local, LDAP/AD, or RADIUS).
External Auth Server: Configure based on your external server type (Active Directory, LDAP, or RADIUS).

Q2
Summary:
To check online users after successful authentication in Sangfor IAG, log in to the management console, navigate to Monitoring > Online Users, and view detailed information about authenticated users and their sessions.

Q3
-Key Points:
MAC Binding and User Authentication:

MAC address binding ties a specific device (identified by its MAC address) to a particular user account. This ensures that only the device with the associated MAC address can log in using the corresponding user credentials.
For this feature to work effectively, the IAG needs to be able to acquire and track the MAC addresses of the devices attempting to connect.
-Challenges in L3 Networks:

In a Layer 3 network, devices communicate across different subnets, and MAC addresses are generally not forwarded across these subnets.
Routers (which operate at Layer 3) strip the original MAC address when traffic moves between subnets, and they use the MAC address of the next-hop device (the router interface) instead.
This makes it difficult for the IAG to automatically acquire the correct MAC address of a device in an L3 network unless additional mechanisms are in place.
Enabling MAC Acquisition Across L3 Networks:

To overcome this limitation, MAC acquisition across the L3 network must be enabled.
This feature allows the IAG to collect and recognize the MAC addresses of devices even if they are in different subnets (L3 segments). It typically works by using DHCP snooping, ARP inspection, or other mechanisms to capture the device’s MAC address at Layer 2 and associate it with the Layer 3 IP traffic.
Why It's Required:
Without enabling MAC acquisition, the IAG would not be able to consistently capture and bind the correct MAC address to the local user account, especially in an L3 environment where the traffic passes through routers and the original MAC address might not be visible to the IAG.
Steps to Enable MAC Acquisition (General Guidelines):
Log in to the IAG Web Management Console.

Navigate to the "Network Configuration" section.

Look for the MAC Acquisition or MAC Binding Settings:

Enable MAC acquisition across the L3 network.
You may need to configure additional features like DHCP snooping or ARP inspection depending on the network architecture.
Test the Configuration:

Q4 :
In a DHCP-based network, it is not advisable to bind an IP address to a user account because the dynamic nature of DHCP can cause IP changes, leading to failed authentications and increased management overhead. Instead, opt for MAC address binding or use credential-based authentication methods.
Imran Tahir Posted 2024-Oct-09 15:28
Q1:  On the Auth Method tab, select Password based for the Auth Method andLocal user database for External Auth Server

Q2: This will appear in online user . Go to Status and Users

Q3: Yes its must be L3 Network

Q4: No need to Bind the IP address
Beru Posted 2024-Oct-09 15:17
Q1: According to the guide, when configuring Authentication Policy, you should select "Password based" for the Auth Method and "Local user database" for the External Auth Server.

Q2: After being authenticated successfully, you can check the online users by navigating to the Status > Users page.

Q3: Yes, if there is a need to bind a MAC address with a local user account and the local area network is an L3 environment, it is required to enable MAC acquisition across the L3 network.

Q4: No, if the local network is using DHCP, you should not bind with an IP address.
ND Posted 2024-Oct-09 14:00
Q1: On the Auth Method tab, select Password based for the Auth Method and
Local user database for External Auth Server.
Q2: After being authenticated successfully, the user will appear on the Online Users
list. You can navigate to the Status > Users page to see the user details.
Q3: It is required.
Q4: Do not bind
Dwi Nur Posted 2024-Oct-09 10:31
Q1: On the Auth Method tab, select Password based for the Auth Method and Local user database for External Auth Server.
Q2: Status > Users
Q3: Yes, required to enable MAC acquisition
Q4: If the local network is using DHCP, do not bind with an IP address
pbeugenio Posted 2024-Oct-09 09:52
Q1: Auth Method used Password based and  External Auth Server used local user database

Q2: Status > Users

Q3: Yes, it is required

Q4: No need to bind with IP address
pmateus Posted 2024-Oct-08 17:46
Q1: Select Password based for the Auth Method and Local user database for External Auth Server.
Q2: The user will appear on the Online Users list. You can navigate to the Status > Users page to see the user details
Q3: Yes
Q4: No
Enrico Vanzetto Posted 2024-Oct-08 16:45
Q1: When you are configuring the authentication policy, on the Auth Method tab, select Password based for the Auth Method and Local user database for External Auth Server
Q2: You can navigate to the Status > Users page to see the user details.
Q3: If there is a need to bind a MAC address with a local user account, please ensure that the local area network is an L3 environment. If so, it is required to enable MAC acquisition across the L3 network
Q4: If the local network is using DHCP, do not bind with an IP address
ilham Posted 2024-Oct-08 16:34
Q1: choose password based for Auth method, and choose local user database for external auth server
Q2: Status -> Users
Q3: yes it is required
Q4: NO, do not bind
CLELUQMAN Posted 2024-Oct-08 15:33
Q1: Navigate to Access Mgt > Authentication > Web Authentication >
Authentication Policy. On the Auth Method tab, select Password based for the Auth Method and Local user database for External Auth Server
Q2: Status > Users page to see the user details
Q3: Yes
Q4: No