Microdyn Superuser1

BOMGAR RADIUS Security Provider support’s now Framed-IP-Address and Calling-Station-ID

Is it possible to configure BOMGAR RADIUS security Provider for 2-factor authentication for over-the-Internet users and 1-factor for local LAN users?

The RADIUS request object includes an attribute (31) from the requester which includes their calling-station-ID which is the IP address – both IPv4 and IPv6 are supported.  The IP address is then passed through by the Remote Support appliance to the RADIUS security provider which determines the action.  The image below is a snapshot from the Bomgar Verify administration console, notice the arrow indicates trusted networks.  Our understanding is that other RADIUS servers support the same form of MFA determination.

BOMGAR PAM 15.3.1+ and ERS 15.2.1+ (released in Nov. 2015) added new fields to Bomgar RADIUS security provider Access-Request packet  attributes:
- Framed-IP-Address - sent if the client is connecting from an IPv4 address
- Framed-IPv6-Address - sent if the client is connecting from an IPv6 address
- Calling-Station-Id - contains the client’s IPv4 or IPv6 address

So, to configure 2-factor authentication for over-the-Internet users and 1-factor for local LAN users, the RADIUS server would need to check the Calling-Station-Id  of all authentication requests coming from your Bomgar appliance and then make a decision if to require 1- or 2-factor authentication base upon that IP. It would be easier to implement this when the Bomgar appliance uses an internal non-routable IP. In this case, all over-the-Internet authentication requests will come to the Bomgar appliance from the firewall and you can configure your RADIUS server to require 2-factor authentication for all packets containing the firewall IP in the Calling-Station-Id field.

This article is an answer from BOMGAR Technical Support Team concerning a MICRODYN technical request.


Previous Article How to start a BOMGAR Rep or Access Console multiple times on the same PC with different Rep-Users?
Next Article Use any Mobile Device to generate 2nd Factor for BOMGAR Console Login
791 Rate this article:

Please login or register to post comments.


disclaymer of warranties

All articles available under Microdyn-Wiki are published without guarantee for functionality. The published articles are intended for use by MICRODYN Employees. Use or disclosure at your own risk and danger. All manufacturers trademarks or products whitch are referred to in the wiki  are owned by their respective manufacturers.