D-Link DFL-260E User Manual for DFL-260E - Page 398
Authentication Processing
View all D-Link DFL-260E manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 398 highlights
8.2.6. Authentication Processing Chapter 8. User Authentication Connection Timeouts An Authentication Rule can specify the following timeouts related to a user session: • Idle Timeout How long a connection is idle before being automatically terminated (1800 seconds by default). • Session Timeout The maximum time that a connection can exist (no value is specified by default). If an authentication server is being used then the option to Use timeouts received from the authentication server can be enabled to have these values set from the server. Multiple Logins An Authentication Rule can specify how multiple logins are handled where more than one user from different source IP addresses try to login with the same username. The possible options are: • Allow multiple logins so that more than one client can use the same username/password combination. • Allow only one login per username. • Allow one login per username and logout an existing user with the same name if they have been idle for a specific length of time when the new login occurs. 8.2.6. Authentication Processing The list below describes the processing flow through NetDefendOS for username/password authentication: 1. A user creates a new connection to the NetDefend Firewall. 2. NetDefendOS sees the new user connection on an interface and checks the Authentication rule set to see if there is a matching rule for traffic on this interface, coming from this network and data which is one of the following types: • HTTP traffic • HTTPS traffic • IPsec tunnel traffic • L2TP tunnel traffic • PPTP tunnel traffic • SSL VPN tunnel traffic 3. If no rule matches, the connection is allowed, provided the IP rule set permits it, and nothing further happens in the authentication process. 4. Based on the settings of the first matching authentication rule, NetDefendOS may prompt the user with an authentication request which requires a username/password pair to be entered. 5. NetDefendOS validates the user credentials against the Authentication Source specified in the 398