Only the first realm is used with Sequence Realms in Admin Authentication Layers

Article ID: 165448

Products

Advanced Secure Gateway Software - ASG ProxySG Software - SGOS

Issue/Introduction

Although the Sequence Realm can be configured in the Admin Authentication Layer, only the first member realm will be used for admin authentication.

Resolution

There are two workarounds. Both assign the individual realms, rather than a Sequence Realm, to:
A. Different source subnets: In the event of a realm failure, you can authenticate against another realm by connecting from a different source network.

B. Different ports on the ProxySG:
- Create a new port for Management/CLI Console access for your backup realm.
- For example, TCP-8082 can be used for RADIUS while TCP-8088 can be used for LDAP.

Sample Steps:

  1. Create a new management service under Configuration>Services>Management Services
    A) Click New
    B) Select the service
    C) Add a new listener for the service
    D) Enter the IP and Port information. Enable the listener
    E) Click OK on the dialogs, then Apply
  2. In Policy, create Admin Authentication layer rules using the Source object Proxy IP Address/Port
    A) Right-click > Set
    B) Click New..., Proxy IP Address/Port
    C) Specify the port
    D) Click Add
    E) Click OK
  3. Set the Action object to authenticate to your realm
    A) Right-click, Set
    B) Click New..., Authenticate
    C) Give a name and select your realm
    D) Click OK on the dialog boxes
  4. Repeat steps 1-3 for each authentication realm.
  5. Set authorization permissions in an Admin Access layer for users/groups.
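
For reference, option B expressed as policy text (CPL) rather than VPM clicks. This is an added example, not part of the original article; the realm names `radius_realm` and `ldap_realm` are hypothetical placeholders for your own realm names, and the ports are the ones used in the example above. Compare it with the CPL your own VPM policy generates before relying on it.

```cpl
; Added example (not from the original article).
; One rule per management listener, each bound to a single realm,
; because a Sequence Realm in this layer only consults its first member.
; Realm names below are hypothetical; ports match the article's example.
<Admin>
  ; Primary console listener: authenticate admins against RADIUS
  proxy.port=8082 authenticate(radius_realm)
  ; Backup console listener: authenticate admins against LDAP
  proxy.port=8088 authenticate(ldap_realm)
```

Each listener is a separate administrative entry point, so restrict which source networks can reach the backup port and apply the same authorization rules from step 5 to users of both realms.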