Home » Netgear Manuals » Networking » Netgear SSL312 » Manual Viewer

Netgear SSL312 SSL312 User Manual - Page 57

Defining and Editing Group Policies, In the Group Policies of the Group Settings menu - 100

UPC - 606449046441

Add to My Manuals
Save this manual to your list of manuals

Page 57 highlights

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual The maximum timeout setting is 232 or over 100,000 minutes, although setting the timeout to 0 on the Global Settings page disables the inactivity timeout (if 0 is also configured as the inactivity timeout for the user and group). 4. Click Apply to save the configuration changes. Defining and Editing Group Policies With group access policies, all traffic is allowed by default. You can create additional allow and deny policies by destination address or address range and by service type. The most specific policy will take precedence over less specific policies. For example, a policy that applies to only one IP address will have priority over a policy that applies to a range of IP addresses. If two policies apply to a single IP address, then a policy for a specific service (for example RDP) will take precedence over a policy that applies to all services. Note: User policies take precedence over all group policies and group policies take precedence over all global policies, regardless of the policy definition (A user policy that allows access to all IP addresses will take precedence over a group policy that denies access to a single IP address). To define group access policies: 1. In the Group Policies section of the Group Settings menu, click Add Policy. An Add Policy menu displays. Figure 4-8 2. From the Apply Policy To pull-down menu, select whether the policy will be applied to a predefined network resource, an individual host, a range of addresses or all addresses. Setting Up User and Group Access Policies v2.1, November 2008 4-11

Section	Page
NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual	1
Contents	5
About This Manual	9
Conventions, Formats and Scope	9
Using This Manual	10
Printing this Manual	10
Revision History	12
Chapter 1 Introduction	13
About the ProSafe SSL VPN Concentrator 25	13
Key Features	13
Web Browser Requirements	14
What’s in the Box	15
Hardware Description	15
Front Panel	16
Back Panel	17
Steps for Deploying the SSL312	17
Chapter 2 Installing the SSL312	19
Choosing a Network Topology	19
Single Arm	19
Routing	20
Initial Connection to the SSL VPN Concentrator	21
Accessing the Management Interface	22
Configuring Basic Network Settings	24
Installing the SSL VPN Concentrator	26
Managing Certificates	26
Obtaining a Certificate from a Certificate Authority	27
Generating a Self-Signed Certificate	29
Uploading and Enabling the New Certificate	30
Viewing and Deleting Certificates	32
Steps for Further Configuration	33
Chapter 3 Authenticating Users	35
Authentication Domains	35
Local User Database Authentication	36
RADIUS and NT Domain Authentication	37
Configuring for RADIUS Domain Authentication	38
Configuring for NT Domain Authentication	39
LDAP Authentication	41
Sample LDAP Attributes	41
LDAP Attribute Rules	42
Sample LDAP Users and Attributes Settings	42
Querying an LDAP Server	43
Configuring for LDAP Authentication	43
Kerberos Authentication (Active Directory)	45
Troubleshooting Active Directory Authentication	46
Deleting a Domain	46
Chapter 4 Setting Up User and Group Access Policies	47
Determine Your Requirements	47
Users, Groups and Global Policies	48
Global Policies	49
Editing Global Policy Settings	50
Adding and Editing Global Policies	52
Defining and Editing Global Bookmarks	53
Groups Configuration	54
Adding a New Group	54
Editing Group Settings	55
Defining and Editing Group Policies	57
Defining and Editing Group Bookmarks	58
Deleting a Group	59
Users Configuration	60
Adding a New User	61
Editing a User	63
Defining and Editing User Policies	66
Defining and Editing a User Bookmarks	67
Deleting a User	68
Using Network Resource Objects to Simplify Policies	68
Chapter 5 Configuring the Remote Access Web Portal	73
Creating the Portal	73
Portal Options	74
Adding Portal Layouts	75
Adding Terminal Services Applications to the Portal	78
Customizing the Banner	79
Duplicating and Editing Portal Layouts	80
Preparing the Client for Using Portal Services	81
Terminal Services Client Compatibility	81
Microsoft Windows Terminal Services (Remote Desktop Connection)	81
Microsoft Remote Desktop Services Client for the Macintosh	82
Creating a User Guide for Portal Services	82
Chapter 6 Configuring the SSL VPN Tunnel Client and Port Forwarding	83
Two Approaches for VPN	83
SSL VPN Client Configuration	84
Adding IP Address Ranges	85
Adding Routes for VPN Tunnel Clients	86
Configuring Applications for Port Forwarding	88
Configuring Host Name Resolution	90
Chapter 7 Additional System Configuration	91
Configuring Network Settings	91
Sample SSL VPN Concentrator Configuration	91
Network Interface and Default Gateway Configuration	92
Static Route Configuration	94
Network Host Table Settings	96
Configuring DNS Settings	97
Setting Date and Time	99
System Configuration Utilities	100
Encrypting the Configuration File	101
Exporting and Saving a Backup Configuration File	101
Importing a Configuration File	102
Erasing the Configuration and Restoring the Default Settings	103
Upgrading the SSL VPN Concentrator Firmware	103
Additional Notes on the Management Interface	104
Chapter 8 Monitoring and Logging	105
SSL VPN Concentrator Status	105
Active Users	107
Event Log	108
Log Settings	109
Diagnostics	113
Appendix A Default Settings and Technical Specifications	115
Factory Default Settings	115
Technical Specifications	116
Appendix B Related Documents	117

Match case Limit results 1 per page

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual

Setting Up User and Group Access Policies

4-11

v2.1, November 2008

The maximum timeout setting is 2

or over 100,000 minutes, although setting the timeout to 0

on the Global Settings page disables the inactivity timeout (if 0 is also configured as the

inactivity timeout for the user and group).

Click Apply to save the configuration changes.

Defining and Editing Group Policies

With group access policies, all traffic is allowed by default. You can create additional allow and

deny policies by destination address or address range and by service type.

The most specific policy will take precedence over less specific policies. For example, a policy

that applies to only one IP address will have priority over a policy that applies to a range of IP

addresses. If two policies apply to a single IP address, then a policy for a specific service (for

example RDP) will take precedence over a policy that applies to all services.

To define group access policies:

In the Group Policies section of the Group Settings menu, click Add Policy. An Add Policy

menu displays.

From the Apply Policy To pull-down menu, select whether the policy will be applied to a

predefined network resource, an individual host, a range of addresses or all addresses.

Note:

User policies take precedence over all group policies and group policies take

precedence over all global policies, regardless of the policy definition (A

user

policy that allows access to all IP addresses will take precedence over a

group

policy that denies access to a single IP address).

Figure 4-8