D-Link DFL-260E User Manual for DFL-260E - Page 399
Chapter 8. User Authentication

authentication rule. This will be either a local NetDefendOS database, an external RADIUS database server or an external LDAP server.

6. NetDefendOS then allows further traffic through this connection as long as authentication was successful and the service requested is allowed by a rule in the IP rule set. The Source Network object of that rule must either have the No Defined Credentials option enabled or be associated with a group of which the user is also a member.

7. If a timeout restriction is specified in the authentication rule then the authenticated user will be automatically logged out after that length of time without activity.

Any packets from an IP address that fails authentication are discarded.

8.2.7. A Group Usage Example

To illustrate authentication group usage, suppose that there is a set of users who will log in from the network 192.168.1.0/24, which is connected to the lan interface. The requirement is to restrict access to a network called important_net on the int interface to just one group of trusted users, while the other, less-trusted users can only access another network called regular_net on the dmz interface.

Assuming that we are using the internal database of users as the authentication source, we add the users to this database with appropriate username/password pairs and a specific Group string. One set of users would be assigned to the group with the name trusted and the other to the group with the name untrusted.

We now define two IP objects for the same network 192.168.1.0/24. One IP object is called untrusted_net and has its Group parameter set to the string untrusted. The other IP object is called trusted_net and its Group parameter is set to the string trusted.
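How the Group string on a source network object changes rule matching, shown as an added Python model that is not part of the D-Link manual or of NetDefendOS. It applies this section's two-rule example set plus the optional extra rule for trusted users; the addresses for important_net and regular_net, the first-match evaluation and the default drop are assumptions of the model, and the No Defined Credentials option is not modelled.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class IPObject:
    name: str
    network: str
    group: Optional[str] = None  # Group string; None means no group is required

    def matches(self, ip, user_groups=frozenset()):
        """True if ip is inside the network and the group condition holds."""
        if ipaddress.ip_address(ip) not in ipaddress.ip_network(self.network):
            return False
        return self.group is None or self.group in user_groups

@dataclass(frozen=True)
class Rule:  # Service column omitted: every rule in the example uses all_services
    action: str
    src_if: str
    src_net: IPObject
    dst_if: str
    dst_net: IPObject

# Two objects for the same network, differing only in their Group string.
TRUSTED_NET = IPObject("trusted_net", "192.168.1.0/24", "trusted")
UNTRUSTED_NET = IPObject("untrusted_net", "192.168.1.0/24", "untrusted")
# Assumption: the manual gives no addresses for these; the values are constructed.
IMPORTANT_NET = IPObject("important_net", "10.0.1.0/24")
REGULAR_NET = IPObject("regular_net", "10.0.2.0/24")

RULES = [
    Rule("Allow", "lan", TRUSTED_NET, "int", IMPORTANT_NET),
    Rule("Allow", "lan", UNTRUSTED_NET, "dmz", REGULAR_NET),
]
# The optional extra rule that lets trusted users reach regular_net as well.
TRUSTED_TO_REGULAR = Rule("Allow", "lan", TRUSTED_NET, "dmz", REGULAR_NET)

def evaluate(rules, src_if, src_ip, dst_if, dst_ip, user_groups=frozenset()):
    """Return the first matching rule's action; "Drop" when none matches
    (first-match order and default drop are assumptions of this model)."""
    for r in rules:
        if (r.src_if == src_if and r.dst_if == dst_if
                and r.src_net.matches(src_ip, user_groups)
                and r.dst_net.matches(dst_ip)):
            return r.action
    return "Drop"
```

With only the two rules, a member of trusted coming from 192.168.1.0/24 is dropped on the way to regular_net, because the source address alone never satisfies untrusted_net; that is the gap the extra rule closes.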
The final step is to set up the rules in the IP rule set as shown below:

#  Action  Src Interface  Src Network    Dest Interface  Dest Network   Service
1  Allow   lan            trusted_net    int             important_net  all_services
2  Allow   lan            untrusted_net  dmz             regular_net    all_services

If we wanted to allow the trusted group users to also be able to access the regular network we could add a third rule to permit this:

#  Action  Src Interface  Src Network    Dest Interface  Dest Network   Service
1  Allow   lan            trusted_net    int             important_net  all_services
2  Allow   lan            trusted_net    dmz             regular_net    all_services
3  Allow   int            untrusted_net  dmz             regular_net    all_services

8.2.8. HTTP Authentication

Where users are communicating through a web browser using the HTTP or HTTPS protocol then authentication is done by NetDefendOS presenting the user with HTML pages to retrieve required user information. This is sometimes also referred to as WebAuth and the setup requires further considerations.

The Management WebUI Port Must Be Changed

HTTP authentication will collide with the WebUI's remote management service which also uses TCP port 80 by default. To avoid this problem, the WebUI port number must be changed before configuring authentication. Do this by going to Remote Management > advanced settings in the WebUI and changing the