BOMGAR RADIUS Security Provider now supports Framed-IP-Address and Calling-Station-Id

 

Is it possible to configure the BOMGAR RADIUS Security Provider for 2-factor authentication for over-the-Internet users and 1-factor for local LAN users?

The RADIUS request object includes the Calling-Station-Id attribute (31) from the requester, which carries the requester's IP address; both IPv4 and IPv6 are supported. The Remote Support appliance passes the IP address through to the RADIUS security provider, which determines the action. The image below is a snapshot from the Bomgar Verify administration console; notice that the arrow indicates trusted networks. Our understanding is that other RADIUS servers support the same form of MFA determination.

 

BOMGAR PAM 15.3.1+ and ERS 15.2.1+ (released in Nov. 2015) added new fields to Bomgar RADIUS security provider Access-Request packet attributes:

– Framed-IP-Address – sent if the client is connecting from an IPv4 address
– Framed-IPv6-Address – sent if the client is connecting from an IPv6 address
– Calling-Station-Id – contains the client’s IPv4 or IPv6 address

So, to configure 2-factor authentication for over-the-Internet users and 1-factor for local LAN users, the RADIUS server would need to check the Calling-Station-Id of all authentication requests coming from your Bomgar appliance and then decide whether to require 1- or 2-factor authentication based upon that IP. This is easier to implement when the Bomgar appliance uses an internal non-routable IP. In this case, all over-the-Internet authentication requests will come to the Bomgar appliance from the firewall, and you can configure your RADIUS server to require 2-factor authentication for all packets containing the firewall IP in the Calling-Station-Id field.
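The decision described above can be sketched as a policy function on the RADIUS server side. This is an added example, not Bomgar or RADIUS-server code: the addresses, the trusted ranges, the function names and the fail-closed handling of missing or inconsistent attributes are all assumptions made for illustration.

```python
import ipaddress

# Constructed sample values (assumptions, not taken from the article).
APPLIANCE_IP = ipaddress.ip_address("10.0.0.20")   # Bomgar appliance = RADIUS client
FIREWALL_IPS = {ipaddress.ip_address("10.0.0.1")}  # address Internet users arrive from
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/16"),
                ipaddress.ip_network("fd00:10::/48")]


def parse_ip(value):
    """Return an ip_address or None; IPv4-mapped IPv6 is unwrapped to IPv4."""
    try:
        ip = ipaddress.ip_address(str(value).strip())
    except ValueError:
        return None
    mapped = getattr(ip, "ipv4_mapped", None)
    return mapped if mapped is not None else ip


def required_factors(packet_src, attrs):
    """Return 1 or 2 for an Access-Request, or None if it is not from the appliance."""
    if parse_ip(packet_src) != APPLIANCE_IP:
        return None  # this policy only applies to requests sent by the appliance

    client = parse_ip(attrs.get("Calling-Station-Id"))
    if client is None:
        return 2  # attribute missing or unparseable: fail closed to 2-factor

    # Assumed consistency check: the Framed-* attribute, when present,
    # must name the same client address as Calling-Station-Id.
    framed = attrs.get("Framed-IP-Address") or attrs.get("Framed-IPv6-Address")
    if framed is not None and parse_ip(framed) != client:
        return 2

    # The firewall address sits inside the LAN range, so test it first:
    # every over-the-Internet login shows up with this address.
    if client in FIREWALL_IPS:
        return 2

    for net in TRUSTED_NETS:
        if client.version == net.version and client in net:
            return 1  # local LAN user
    return 2  # any other address is treated as untrusted
```

The order of the checks matters: because the firewall's internal address falls inside the trusted LAN range, it has to be matched before the trusted-network test or Internet users would be granted 1-factor login.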

This article is an answer from BOMGAR Technical Support Team concerning a MICRODYN technical request

 

 
