There are two alternatives for this. They consist of assigning the individual realms to:
A. Different source subnets: In the event of a realm failure, you can authenticate from another realm through a different source network.
B. Different ports on the ProxySG:
- Create a new port for Management/CLI Console access for your backup realm.
- For example, TCP-8082 can be used for RADIUS while TCP-8088 can be used for LDAP.
- Create a new management service under Configuration>Services>Management Services
A) Click New
B) Select the service
C) Add a new listener for the service
D) Enter the IP and Port information. Enable the listener
E) Click OK on the dialogs, then Apply
- In Policy create Admin Authnetication layer rules using the Source object Proxy IP Address/Port
A) Right-click > Set
B) Click New..., Proxy IP Address/Port
C) Specify the port
D) Click Add
E) Click OK
- Set the Action object to authenticate to your realm
A) Right-click, Set
B) Click New..., Authenticate
C) Give a name and select your realm
D) Click OK on the dialog boxes
- Repeat steps 1-3 for each authentication realm.
- Set Authorization permissions in an admin access layer for users/groups