Authentication Processing - D-Link NetDefendOS User Manual

specified.
• Originator IP
The source IP or network from which new connections will arrive. For XAuth and PPP, this is
the Originator IP.
• Terminator IP
The terminating IP with which new connections arrive. This is only specified where the
Authentication Agent is PPP.
Connection Timeouts
An Authentication Rule can specify the following timeouts related to a user session:
• Idle Timeout
How long a connection is idle before being automatically terminated (1800 seconds by
default).
• Session Timeout
The maximum time that a connection can exist (no value is specified by default).
If an authentication server is being used then the option to Use timeouts received from the
authentication server can be enabled to have these values set from the server.
Multiple Logins
An Authentication Rule can specify how multiple logins are handled where more than one user
from different source IP addresses try to login with the same username. The possible options are:
• Allow multiple logins so that more than one client can use the same username/password
combination.
• Allow only one login per username.
• Allow one login per username and logout an existing user with the same name if they have
been idle for a specific length of time when the new login occurs.

8.2.6. Authentication Processing

The list below describes the processing flow through NetDefendOS for username/password
authentication:
1. A user creates a new connection to the NetDefend Firewall.
2. NetDefendOS sees the new user connection on an interface and checks the Authentication
rule set to see if there is a matching rule for traffic on this interface, coming from this
network and data which is one of the following types:
• HTTP traffic
626
Chapter 8: User Authentication