MAC Address Authentication with HTTP and HTTPS
As mentioned above, with NetDefend it is possible to authenticate an HTTP or HTTPS client automatically using the MAC address of the connecting client's Ethernet interface. This means that authentication is based only on the identity of the client hardware. This is useful if the administrator wants to ensure that access is simple for a particular device and the user is not going to be requred to type in their credentials. The following points should be noted about this type of authentication:
• The username sent to the authentication source (for example, a RADIUS server) is always the MAC address of the client (or the MAC address of an intervening router).
• If the client connects to the security gateway via a router, it is the MAC address of the router and not the client that is sent to the gateway. If the router MAC address is to be allowed as a substitute for the client's MAC address then this must be explicity enabled with the authentication rule optionAllow clients behind router to connect. NetDefend is able to determine that the client is behind a router by checking if the source IP address is present in its ARP cache.
• By default, the password sent to the authentication source (for example, a RADIUS server) is also the MAC address of the client (or the MAC address of an intervening router). However, the password to be used can be explicitly specified as the authentication rule propertyMAC Auth Secret.
• The MAC address is entered as a text string in the database of the authentication source. This text string must follow a specific format for the MAC address. The correct format is a series of six hexadecimal two character lower-case values separated by a hyphen ("-") character. For example:
00-0c-19-f9-14-6f