Authentication is one of the key features of a security product. When authentication is enabled on a security product, users and hosts can be allowed or denied access to certain networks.
From a user's point of view, authentication is divided into the following categories:
- If you are a user from an internal network who wants to access the Internet, you can use:
- If you are a user from the Internet who wants to visit an internal network (usually with VPN), you can use:
A user uses his/her terminal to connect to the firewall. The firewall queries the AAA server for the user data to check the user's identity.
- User (authentication applicant): The applicant initiates an authentication request, and enters his/her username and password to prove his/her identity.
- Authentication system (i.e. the firewall in this case): The firewall receives the username and password and sends the request to the AAA server. It acts as an agent between the applicant and the AAA server.
- AAA Server: This server stores user information such as the username and password. When the AAA server receives a legitimate request, it checks whether the applicant has the right to use the network services and sends back the decision. For more information, refer to AAA Server. The AAA server has the following four types: