ZyXEL ZyWALL ATP700 User Guide - Page 489
User-aware Access Control Example
View all ZyXEL ZyWALL ATP700 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 489 highlights
Chapter 23 Web Authentication Table 190 Configuration > Web Authentication > General > Add Authentication Policy (continued) LABEL DESCRIPTION Authentication Select the authentication requirement for users when their traffic matches this policy. unnecessary - Users do not need to be authenticated. Single Sign-on Force User Authentication Authentication Type required - Users need to be authenticated. If Force User Authentication is selected, all HTTP traffic from unauthenticated users is redirected to a default or user-defined login page. Otherwise, they must manually go to the login screen. The Zyxel Device will not redirect them to the login screen. This field is available for user-configured policies that require Single Sign-On (SSO). Select this to have the Zyxel Device enable the SSO feature. You can set up this feature in the SSO screen. This field is available for user-configured policies that require authentication. Select this to have the Zyxel Device automatically display the login screen when users who have not logged in yet try to send HTTP traffic. Select an authentication method. default-web-portal: the default login page built into the Zyxel Device. OK Cancel default-user-agreement: the default user agreement page built into the Zyxel Device. Click OK to save your changes back to the Zyxel Device. Click Cancel to exit this screen without saving. 23.2.1 User-aware Access Control Example You can configure many policies and security settings for specific users or groups of users. Users can be authenticated locally by the Zyxel Device or by an external (RADIUS) authentication server. In this example the users are authenticated by an external RADIUS server at 172.16.1.200. First, set up the user accounts and user groups in the Zyxel Device. Then, set up user authentication using the RADIUS server. Finally, set up the policies in the table above. 23.2.1.1 Set Up User Accounts Set up user accounts in the RADIUS server. This example uses the Web Configurator. If you can export user names from the RADIUS server to a text file, then you might configure a script to create the user accounts instead. 1 Click Configuration > Object > User/Group > User. Click the Add icon. 2 Enter the same user name that is used in the RADIUS server, and set the User Type to ext-user because this user account is authenticated by an external server. Click OK. ZyWALL ATP Series User's Guide 489