Passport 3.0

Passport provides RADIUS authentification services for secure network acces with a very high degree of funcionality and configurability:

What’s new in Passport?

High Availability

Install 2 Passport servers to form a cluster with automatic syncronization of configuration, user databasses and CA directories.

Both servers provide authentication services but only the Primary one allows to modify the Passport configuration. The Primary server sets the configuration of the Secondary and when changes are made to the Primary configuration, it is automatically synchronized on the Secondary server.

If you configure the NAS (Network Access Server) or a load balancing device with the IP address of both Passport servers, if one Passport server becomes unavailable, the authentications can be done using the other Passport server:

placeholder image

Mode popup.

Standalone.

The server is not part or a High Availability cluster.

Primary.

Set server as primary.

Secondary.

Set server as secondary.

Redundancy3
info.circle@2x

Modifications of the Passport configuration must be done in the Primary server. Changes are automatically copied to the Secondary server.

Main features:

  • - RADIUS authentication services and accounting supporting multiple authentication methods (PAP, CHAP, MSCHAP, MACHAPv2, MD5, GTC, TTLS, PEAP and TLS).

  • - Optional authorization and session policies with support of session control through Change of Authorization (CoA) functionality.

  • - Multiple authentication profiles.

  • - HTTPS login portals.

  • - User auto registration portals with optional contact authorization.

  • - Certification authorities for certificate based authentication (TLS).

  • - Client hardware address caching.

  • - HTTPS enrollment portals for certificate based authentication (TLS) client auto provisioning.

  • - Trends. Long term authentication, performance and traffic reports.

  • - Extensive help with application examples for Aruba, Fortinet and AirPort access devices.

  • - Added disable MAC randomization option in Apple profiles.

passport4

Configuration overview

A graphical view of RADIUS clients, authentication profiles and identity databases allows you to review the current configuration easily and check how these objects are interacting.

RADIUS clients and LDAP servers can be monitored to detect when they are unavailable.

Configurability

It is possible to set very complex configurations entirely from the graphical user interface.

Multiple authentication profiles allow to provide different authentication services simultaneously. Each profile can use several user identity databases to authenticate and authorize network clients. Identity sources include local user databases, local Certification Authorities and external LDAP servers. 

passport4

Authentication profiles

Authentication profile establish RADIUS authentication services with particular characteristics and can additionally define an HTTPS authentication portals.

Profiles optionally establish authorization and session policies with support of session control through Change of Authorization (CoA) functionality. Policies can check RADIUS attributes, session parameters and client device type.

passport5

Authentication portals

Authentication portals provide layer 3 authentication in which the user enters their credentials using its web browser to get access to the network. To automate the process of the user account creation, user auto registration with optional contact authorization is available.

Authentication portals are normally used to implement guest access. Client hardware address authentication can be enabled to prevent customers from having to re-authenticate during a period of time.

passport6

Enrollment portals

Digital identities generated by local Certification Authorities (CA's) are used to implement certiticate based authentication (TLS).

To automate the distribution and installation of the digital identities to the client devices, each CA can define an enrollment portal to provide client auto provisioning.

Passport

Detailed session information

Authentications and sessions are shown in real time and you can get detailed information about the authentication method, the identity database used to authenticate the user and session data obtained through RADIUS accounting received from the access device such as the client IP address and the download and upload traffic.

Additionally, the request, reply and session RADIUS attributes can be examined for debugging.

passport4

Session charts

Several graphical trend reports are available have visibility of processed authentication and accounting requests and user sessions.

passport5

Traffic charts

Trend traffic reports provide charts with the download and upload traffic of the network users.

passport6

Distribution charts

Trend distribution reports provide information about the authentication results (accepts and rejects), authentication failure causes and access devices, authentication profiles and identity databases usage.

Passport

Trend reports

Authentication and session information can be optionally stored in the trends database to provide long term visibility of services usage and user activity.

Authentication and session summary and detailled views are available through trend reports with several filtering options.

Passport

Configurability

placeholder image

It is possible to set very complex configurations entirely from the graphical user interface.

Multiple authentication profiles allow to provide different authentication services simultaneously. Each profile can use several user identity databases to authenticate and authorize network clients. Identity sources include local user databases, local Certification Authorities and external LDAP servers. 

Authentication profiles

placeholder image

Authentication profile establish RADIUS authentication services with particular characteristics and can additionally define an HTTPS authentication portals.

Profiles optionally establish authorization and session policies with support of session control through Change of Authorization (CoA) functionality. Policies can check RADIUS attributes, session parameters and client device type.

Authentication portals

placeholder image

Authentication portals provide layer 3 authentication in which the user enters their credentials using its web browser to get access to the network. To automate the process of the user account creation, user auto registration with optional contact authorization is available.

Authentication portals are normally used to implement guest access. Client hardware address authentication can be enabled to prevent customers from having to re-authenticate during a period of time.

Enrollment portals

placeholder image

Digital identities generated by local Certification Authorities (CA's) are used to implement certiticate based authentication (TLS).

To automate the distribution and installation of the digital identities to the client devices, each CA can define an enrollment portal to provide client auto provisioning.

AppIcon

Try Passport!

A 30 - days trial version of Passport is available. Download the evaluation and check the capabilities and facilities of the software.

Do not forget to download Passport manual, an extense user-manual with step-by-step instructions and examples of configuration.

Download the evaluationDownload the manual
AppIcon

Try Passport!

A 30 - days trial version of Passport is available. Download the evaluation and check the capabilities sand facilities of the software.

Do not forget to download Passport manual, an extense user-manual with step-by-step instructions, and  examples of configuration.

Download the evaluationDownload the manual