ZyXEL UAG4100 User Guide - Page 264
User-aware Access Control Example
Chapter 23 Web Authentication

The following table gives an overview of the objects you can configure.

Table 116 Configuration > Web Authentication > Add

LABEL: DESCRIPTION

Create new Object: Use to configure any new settings objects that you need to use in this screen.

Enable Policy: Select this check box to activate the authentication policy. This field is available for user-configured policies.

Description: Enter a descriptive name of up to 60 printable ASCII characters for the policy. Spaces are allowed. This field is available for user-configured policies.

User Authentication Policy: Use this section of the screen to determine which traffic requires (or does not require) the senders to be authenticated in order to be routed.

Incoming Interface: Select an interface on which packets for the policy must be received. Select any if the policy is effective for every interface.

Source Address: Select a source address or address group for whom this policy applies. Select any if the policy is effective for every source. This is any and not configurable for the default policy.

Destination Address: Select a destination address or address group for whom this policy applies. Select any if the policy is effective for every destination. This is any and not configurable for the default policy.

Schedule: Select a schedule that defines when the policy applies. Otherwise, select none and the rule is always effective. This is none and not configurable for the default policy.

Authentication: Select the authentication requirement for users when their traffic matches this policy.
    unnecessary - Users do not need to be authenticated.
    required - Users need to be authenticated. If Force User Authentication is selected, all HTTP traffic from unauthenticated users is redirected to a default or user-defined login page. Otherwise, they must manually go to the login screen. The UAG will not redirect them to the login screen.

Log: This field is available for the default policy. Select whether to have the UAG generate a log (log), log and alert (log alert) or not (no) for packets that match the default policy. See Chapter 47 on page 534 for more on logs.

Force User Authentication: This field is available for user-configured policies that require authentication. Select this to have the UAG automatically display the login screen when users who have not logged in yet try to send HTTP traffic.

Authentication Type: Select the authentication type profile you want to use in this policy. You can configure the profile using the Web Authentication > Authentication Type screen.

OK: Click OK to save your changes back to the UAG.

Cancel: Click Cancel to exit this screen without saving.

23.2.2 User-aware Access Control Example

You can configure many policies and security settings for specific users or groups of users. Users can be authenticated locally by the UAG or by an external (RADIUS) authentication server.

In this example the users are authenticated by an external RADIUS server at 172.16.1.200. First, set up the user accounts and user groups in the UAG. Then, set up user authentication using the RADIUS server. Finally, set up the policies in the table above.

UAG Series User's Guide 264