Configuring authentication security policies

To include authentication in a security policy, you must create an identity-based policy. An identity-based policy can authenticate by certificate, FSSO, and NTLM. The two exceptions to this are RADIUS SSO and FSSO Agents. See “SSO using RADIUS accounting records”, and “Introduction to FSSO agents”.

Before creating an identity-based security policy, you need to configure one or more users and firewall user groups.For more information, see “Users and user groups”.

Creating the security policy is the same as a regular security policy except you must select the action specific to your authentication method:

Table 22: Authentication methods allowed for each policy Action
Action	Authentication method	Where authentication is used
ACCEPT	FSSO Agent or identity-based policy — FSSO	See “Agent-based FSSO”.
	identity-based policy — NTLM	See “NTLM authentication”.
	identity-based policy — Certificates	See “Configuring certificate-based authentication”.
	RADIUS SSO	See “SSO using RADIUS accounting records”.
IPSEC	IPsec Phase 1 and 2	See “Configuring authentication of remote IPsec VPN users”.
SSL-VPN	SSL certificates	See “Configuring authentication of SSL VPN users”.
DENY	none	none