Although the Sequence Realm can be configured in the Admin Authentication Layer, only the first member realm will be used for admin authentication.
There are two alternatives for this. They consist of assigning the individual realms to: A. Different source subnets: In the event of a realm failure, you can authenticate from another realm through a different source network.
B. Different ports on the ProxySG: - Create a new port for Management/CLI Console access for your backup realm. - For example, TCP-8082 can be used for RADIUS while TCP-8088 can be used for LDAP.
Create a new management service under Configuration>Services>Management Services A) Click New B) Select the service C) Add a new listener for the service D) Enter the IP and Port information. Enable the listener E) Click OK on the dialogs, then Apply
In Policy create Admin Authnetication layer rules using the Source object Proxy IP Address/Port A) Right-click > Set B) Click New..., Proxy IP Address/Port C) Specify the port D) Click Add E) Click OK
Set the Action object to authenticate to your realm A) Right-click, Set B) Click New..., Authenticate C) Give a name and select your realm D) Click OK on the dialog boxes
Repeat steps 1-3 for each authentication realm.
Set Authorization permissions in an admin access layer for users/groups
Imported Document ID: 000008323
Subscribing will provide email updates when this Article is updated. Login is required.