D-Link DFL-260 Product Manual - Page 358
UPC - 790069296802
8.2.2. The Local Database
Chapter 8. User Authentication

The purpose of this is to restrict access to certain networks to a particular group by having IP rules which will only apply to members of that group. To gain access to a resource there must be an IP rule that allows it and the client must belong to the same group as the rule's Source Network group.

Granting Administration Privileges

When a user is defined, it can also be added to two default administration groups:

• The administrators group
  Members of this group can log into NetDefendOS through the Web Interface as well as through the remote CLI interface and are allowed to edit the NetDefendOS configuration.

• The auditors group
  This is similar to the administrators group but members are only allowed to view the configuration and cannot change it.

PPTP/L2TP Configuration

If a client is connecting to the NetDefend Firewall using PPTP/L2TP then the following three options can also be specified for the local NetDefendOS user database:

• Static Client IP Address
  This is the IP address which the client must have if it is to be authenticated. If it is not specified then the user can have any IP. This option offers extra security for users with fixed IP addresses.

• Network behind user
  If a network is specified for this user then when the user connects, a route is automatically added to the NetDefendOS main routing table. The existence of this added route means that any traffic destined for the specified network will be correctly routed through the user's PPTP/L2TP tunnel. When the connection to the user ends, the route is automatically removed by NetDefendOS.

  Caution: Use the network option with care
  The administrator should think carefully about what the consequences of using this option will be. For example, setting this option to all-nets will possibly direct all Internet traffic through the tunnel to this user.

• Metric for Networks
  If the Network behind user option is specified then this is the metric that will be used with the route that is automatically added by NetDefendOS. If there are two routes which give a match for the same network then this metric decides which should be used.

Note: Other authentication sources do not have the PPTP/L2TP option

Specifying an SSH Public Key

With PPTP/L2TP clients, using a key is often an alternative to specifying a username and password. A private key can be specified for a local database user by selecting a previously uploaded NetDefendOS SSH Client Key object.
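
As an added example (not taken from the D-Link manual or NetDefendOS), the following Python audit reviews local user entries for the Network behind user and Metric for Networks options described above and reports which automatically added routes would capture traffic that currently follows an existing route. The record layout, field names and sample data are constructed for illustration, and the code assumes that the lower metric is preferred when two routes match the same network.

```python
import ipaddress

# Constructed data; the field names are hypothetical, not NetDefendOS syntax.
MAIN_TABLE = [
    {"net": "0.0.0.0/0", "via": "wan", "metric": 100},
    {"net": "10.0.0.0/8", "via": "lan", "metric": 100},
]
USERS = [
    {"name": "alice", "network_behind_user": "192.168.50.0/24", "metric": 90},
    {"name": "bob", "network_behind_user": "0.0.0.0/0", "metric": 50},  # all-nets
    {"name": "carol", "network_behind_user": "10.0.0.0/8", "metric": 80},
    {"name": "dave", "network_behind_user": "10.20.0.0/16", "metric": 100},
    {"name": "erin", "network_behind_user": None, "metric": None},
]

def audit_user(user, table):
    """Return findings for the route that would be added when this user connects."""
    if not user["network_behind_user"]:
        return []  # no route is added for this user
    net = ipaddress.ip_network(user["network_behind_user"])
    findings = []
    if net.prefixlen == 0:
        findings.append("all-nets behind user")
    for route in table:
        existing = ipaddress.ip_network(route["net"])
        if existing == net:
            # Two routes match the same network, so the metric decides.
            # Assumption: the lower metric is preferred.
            if user["metric"] < route["metric"]:
                findings.append(f"tunnel route beats {route['via']} route for {net}")
        elif existing.prefixlen > 0 and net.overlaps(existing):
            # Overlap with a specific existing network: flag for manual review.
            findings.append(f"overlaps {route['via']} network {existing}")
    return findings

def audit(users=USERS, table=MAIN_TABLE):
    """Map user name -> findings, only for users with at least one finding."""
    report = {}
    for user in users:
        findings = audit_user(user, table)
        if findings:
            report[user["name"]] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit().items():
        print(name, "->", "; ".join(findings))
```
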