6.3.3. TACACS+ User Authentication Server

The TACACS+ option enables user authentication against TACACS+ servers. When authentication is done using a TACACS+ server, UserGate sends the username and password to the server, which responds with whether the authentication succeeded.

A TACACS+ server cannot provide a list of users to UserGate. Therefore, unless the users were added to UserGate in advance (e.g., as local users or as users fetched from an AD domain using an LDAP connector), only the user types Known (users who successfully authenticated with the TACACS+ server) and Unknown (users who were not authorized) can be used in filtering policies.

To add a TACACS+ authentication server, click Add, select Add TACACS+ server, and provide the following settings:

Name

Description

Enabled

Enables or disables the use of this authentication server.

Server Name

The name of the authentication server.

Secret

Pre-shared key used by the TACACS+ protocol for authentication.

Address

The IP address for the TACACS+ server.

Port

The UDP port on which the TACACS+ server listens for authentication requests. By default, UDP port 1812 is used.

Use single TCP connection

Use a single TCP connection for communicating with the TACACS+ server.

Timeout (sec.)

The authentication timeout for the TACACS+ server. The default is 4 seconds.
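The exchange described at the top of this section (UserGate sends the username and password to the TACACS+ server, protected with the Secret configured above) as an added Python example; this is not UserGate's code. It builds the RFC 8907 authentication START packet the way a client does and parses it the way a server does, so the role of the pre-shared Secret is visible: it only seeds an MD5 keystream that XORs the body. The PAP authentication type, the session id and the credentials are constructed assumptions.

```python
import hashlib
import struct

# Constants from RFC 8907, the TACACS+ protocol specification.
TAC_PLUS_MAJOR_VER = 0xc
TAC_PLUS_MINOR_VER = 0x0
TAC_PLUS_AUTHEN = 0x01             # packet type: authentication
TAC_PLUS_AUTHEN_LOGIN = 0x01       # START action: login
TAC_PLUS_AUTHEN_TYPE_PAP = 0x02    # assumption: PAP carries the password in the START packet
TAC_PLUS_AUTHEN_SVC_LOGIN = 0x01
HEADER_LEN = 12


def pseudo_pad(session_id, secret, version, seq_no, length):
    """Keystream from RFC 8907: chained MD5 over session_id, secret, version and seq_no."""
    seed = struct.pack("!I", session_id) + secret + bytes([version, seq_no])
    pad, prev = b"", b""
    while len(pad) < length:
        prev = hashlib.md5(seed + prev).digest()
        pad += prev
    return pad[:length]


def obfuscate(body, session_id, secret, version, seq_no):
    """XOR the body with the pseudo-pad. The same call undoes it: obfuscation, not encryption."""
    pad = pseudo_pad(session_id, secret, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))


def build_authen_start(user, password, session_id, secret, port=b"", rem_addr=b"", priv_lvl=1):
    """Client side: header plus obfuscated authentication START body (first packet of a session)."""
    version = (TAC_PLUS_MAJOR_VER << 4) | TAC_PLUS_MINOR_VER    # 0xc0
    seq_no = 1                                                   # client's first packet
    body = struct.pack("!BBBBBBBB", TAC_PLUS_AUTHEN_LOGIN, priv_lvl, TAC_PLUS_AUTHEN_TYPE_PAP,
                       TAC_PLUS_AUTHEN_SVC_LOGIN, len(user), len(port), len(rem_addr), len(password))
    body += user + port + rem_addr + password
    # flags = 0: body is obfuscated with the shared secret (flag 0x01 would mean cleartext)
    header = struct.pack("!BBBBII", version, TAC_PLUS_AUTHEN, seq_no, 0, session_id, len(body))
    return header + obfuscate(body, session_id, secret, version, seq_no)


def parse_authen_start(packet, secret):
    """Server side: strip the header, de-obfuscate with the configured secret, return (user, password)."""
    version, _ptype, seq_no, flags, session_id, length = struct.unpack("!BBBBII", packet[:HEADER_LEN])
    raw = packet[HEADER_LEN:HEADER_LEN + length]
    body = raw if flags & 0x01 else obfuscate(raw, session_id, secret, version, seq_no)
    user_len, port_len, rem_len, data_len = body[4:8]
    user = body[8:8 + user_len]
    start = 8 + user_len + port_len + rem_len
    return user, body[start:start + data_len]
```

Parsing with a Secret that differs from the one the client used yields garbage rather than an error, which is the failure mode to expect when the Secret on UserGate and on the TACACS+ server do not match.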