All Opengear console servers (with firmware V3.2 or later) support RSA SecurID.
Once RADIUS authentication has been specified and the remote RSA server configured, all remote accesses to the console server and all accesses through the console server to the managed devices are authenticated using RSA SecurID tokens. So Telnet, SSH, Web UI or SDT Connector access requests are all authenticated on the remote RSA server.
Refer RSA SecurID Implementation Manual for installation and configuration details.
Some common questions
- Opengear supports RADIUS RSA SecurID Authentication. However, like most other appliances, we do not support Native RSA SecurID as this authentication requires an x86 base
- If you use SDT Connector to access the console server and connected managed devices, the only change to the usual setup you need to make is to not fill in a password in the SDT Gateway configuration. When you bring up a connection to a managed device, SDT Connector will prompt you for your token code
- All requests for access to and through the console server are token authenticated by the console server with the external RSA server. However this token authentication does not extend to accesses initiated from the console server to the managed device
- Out of band access using cellular or broadband failover can also be RSA token authenticated, so security and management policies can be enforced even during a network outage. This requires the RSA Authentication Manager to be accessible over the failover link (e.g. the RSA server may have a publicly accessible IP address, or it may be located on a preconfigured VPN which the failover links to)
- If the RSA Authentication Manager is on the local private network, and we failover to 3G we can configure IPSec to VPN back into the local network to access this RSA server. If we can't do RSA authentication then we'll fail back to local authentication
Visit RSA for more details about RSA SecurID. Also refer to: