Defender IIS websites protection

Hi

I want to test the Defender websites protection before starting client config.

How to make config??

is the DSS  name ,the Full Qualified domain name of the defender like svrdef.local??

how to configure theaccess node ??

Parents
  • Hi Martial,

    Here is the Admin guide section on securing websites hosted in IIS by Defender ISAPI component:

    https://support.oneidentity.com/technical-documents/defender/6.4.1/administration-guide/29#TOPIC-2011271

    DSS Name in ISAPI configuration is just a label so it can be anything you want to use, as per the admin guide: 

    • Name  Type the name of the Defender Security Server you want to use for user authentication.

     Access node configuration can be found here:
    https://support.oneidentity.com/technical-documents/defender/6.4.1/administration-guide/15#TOPIC-2011215

    Node type can be Radius Agent  

    The access node IP address range should include the IP address of the machine that will send the authentication request to the Defender Security Server for example if protecting the Defender Management portal using ISAPI agent then the request is sent from the same IP address to itself (if Defender Management portal server and the Defender Security Server are installed on same Server)

    You can use a different port if you want to keep the Desktop client access node using 1812 separate from the Website Access node port for example 1645 that way each access node can have a different Defender policy depending on what you need the user to authentication with AD Password followed by Token or Token Only followed by None etc/

    Thanks!

Reply
  • Hi Martial,

    Here is the Admin guide section on securing websites hosted in IIS by Defender ISAPI component:

    https://support.oneidentity.com/technical-documents/defender/6.4.1/administration-guide/29#TOPIC-2011271

    DSS Name in ISAPI configuration is just a label so it can be anything you want to use, as per the admin guide: 

    • Name  Type the name of the Defender Security Server you want to use for user authentication.

     Access node configuration can be found here:
    https://support.oneidentity.com/technical-documents/defender/6.4.1/administration-guide/15#TOPIC-2011215

    Node type can be Radius Agent  

    The access node IP address range should include the IP address of the machine that will send the authentication request to the Defender Security Server for example if protecting the Defender Management portal using ISAPI agent then the request is sent from the same IP address to itself (if Defender Management portal server and the Defender Security Server are installed on same Server)

    You can use a different port if you want to keep the Desktop client access node using 1812 separate from the Website Access node port for example 1645 that way each access node can have a different Defender policy depending on what you need the user to authentication with AD Password followed by Token or Token Only followed by None etc/

    Thanks!

Children