D-Link DFL-260 Product Manual - Page 357
UPC - 790069296802
Chapter 8. User Authentication

8.2. Authentication Setup

8.2.1. Setup Summary

The following list summarizes the steps for User Authentication setup with NetDefendOS:

• Have an authentication source which consists of a database of users, each with a username/password combination. Any of the following can be an authentication source:

  i. The local user database internal to NetDefendOS.
  ii. A RADIUS server which is external to the NetDefend Firewall.
  iii. An LDAP Server which is also external to the NetDefend Firewall.

• Define an Authentication Rule which describes which traffic passing through the firewall is to be authenticated and which authentication source will be used to perform the authentication. These are described further in Section 8.2.5, "Authentication Rules".

• If required, define an IP object for the IP addresses of the clients that will be authenticated. This can be associated directly with an authentication rule as the originator IP or can be associated with an Authentication Group.

• Set up IP rules to allow the authentication to take place and also to allow access to resources by the clients belonging to the IP object set up in the previous step.

The sections that follow describe the components of these steps in detail. These are:

• Section 8.2.2, "The Local Database"
• Section 8.2.3, "External RADIUS Servers"
• Section 8.2.4, "External LDAP Servers"
• Section 8.2.5, "Authentication Rules"

8.2.2. The Local Database

The Local User Database is a built-in registry inside NetDefendOS which contains the profiles of authorized users and user groups. Usernames and passwords can be entered into this database through the Web Interface or CLI, and users with the same privileges can be collected together into groups to make administration easier.

Group Membership

Each user entered into the Local Database can optionally be specified to be a member of one or more Authentication Groups. These groups are not predefined (with the exception of the administrators and auditors groups described below) but are instead entered as text strings. These text strings are case sensitive and must always be entered in exactly the same way. Authentication Groups are not used with Authentication Rules but are instead associated with IP objects which are then used in the IP rule set.

Using Groups with IP Rules

When specifying the Source Network for an IP rule, a user-defined IP object can be used and an Authentication Group can be associated with that IP object. This means that the IP rule will then only apply to logged-in clients who also belong to the source network's associated group.
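The following is an added example, not taken from the D-Link manual and not NetDefendOS code or configuration syntax. It models the matching behaviour described above (a client must be logged in, inside the source network, and carry the exact case-sensitive group string) and audits a configuration for group names that differ only by case or surrounding whitespace. All user names, object names, addresses and the data layout are constructed assumptions.

```python
# Added illustration: a simplified model, not NetDefendOS code or config syntax.
import ipaddress

# Constructed sample data; every name and address here is hypothetical.
USERS = {
    "alice": {"groups": ["Sales", "vpn-users"]},
    "bob": {"groups": ["sales"]},
}
IP_OBJECTS = {
    "sales_net": {"network": "192.168.10.0/24", "group": "Sales"},
    "vpn_net": {"network": "10.8.0.0/24", "group": "VPN-Users"},
}


def rule_applies(client_ip, logged_in_user, ip_object, users=USERS):
    """Would an IP rule using ip_object as Source Network cover this client?"""
    if logged_in_user is None:  # client has not authenticated
        return False
    network = ipaddress.ip_network(ip_object["network"])
    in_network = ipaddress.ip_address(client_ip) in network
    # Group strings are compared exactly: "sales" is not "Sales".
    in_group = ip_object["group"] in users[logged_in_user]["groups"]
    return in_network and in_group


def audit_group_names(users=USERS, ip_objects=IP_OBJECTS):
    """Flag IP-object groups with no exact member or with case-only variants."""
    findings = []
    for obj_name, obj in sorted(ip_objects.items()):
        wanted = obj["group"]
        exact, near = [], []
        for user, profile in sorted(users.items()):
            for group in profile["groups"]:
                if group == wanted:
                    exact.append(user)
                elif group.strip().lower() == wanted.strip().lower():
                    near.append((user, group))
        if near or not exact:
            findings.append({"ip_object": obj_name, "group": wanted,
                             "matching_users": exact, "near_misses": near})
    return findings


if __name__ == "__main__":
    for finding in audit_group_names():
        print(finding)
```

A near miss means the user authenticates successfully but the group-restricted IP rule never applies to them, which usually shows up as an unexplained access failure rather than an error.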