Authentication Setup; Setup Summary; The Local Database - D-Link DFL-1660 User Manual

Network security firewall

8.2. Authentication Setup


8.2.1. Setup Summary

The following list summarizes the steps for User Authentication setup with NetDefendOS:

• Have an authentication source which consists of a database of users, each with a
  username/password combination. Any of the following can be an authentication source:
    i. The local user database internal to NetDefendOS.
    ii. A RADIUS server which is external to the NetDefend Firewall.
    iii. An LDAP Server which is also external to the NetDefend Firewall.
• Define an Authentication Rule which describes which traffic passing through the firewall is to be
  authenticated and which authentication source will be used to perform the authentication. These
  are described further in Section 8.2.5, "Authentication Rules".
• If required, define an IP object for the IP addresses of the clients that will be authenticated. This
  can be associated directly with an authentication rule as the originator IP or can be associated
  with an Authentication Group.
• Set up IP rules to allow the authentication to take place and also to allow access to resources by
  the clients belonging to the IP object set up in the previous step.

The sections that follow describe the components of these steps in detail. These are:

• Section 8.2.2, "The Local Database"
• Section 8.2.3, "External RADIUS Servers"
• Section 8.2.4, "External LDAP Servers"
• Section 8.2.5, "Authentication Rules"

8.2.2. The Local Database

The Local User Database is a built-in registry inside NetDefendOS which contains the profiles of
authorized users and user groups. Usernames and passwords can be entered into this database
through the Web Interface or CLI, and users with the same privileges can be collected together into
groups to make administration easier.

Group Membership

Each user entered into the Local Database can optionally be specified to be a member of one or
more Authentication Groups. These groups are not predefined (with the exception of the
administrators and auditors group described below) but rather entered as text strings. These text
strings are case sensitive and must always be entered in exactly the same way. Authentication
Groups are not used with Authentication Rules but are instead associated with IP objects which are
then used in the IP rule set.

Using Groups with IP Rules

When specifying the Source Network for an IP rule, a user defined IP object can be used and an
Authentication Group can be associated with that IP object. This will mean that the IP rule will then
only apply to logged-in clients who also belong to the source network's associated group.
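
The group matching described above can be modelled offline to check a planned configuration for group strings that differ only by case. This is an added example in Python, not NetDefendOS code and not taken from the manual; all user names, group names, addresses and function names are constructed, and it assumes an IP object without a group matches on network alone.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample data: local user database (username -> group strings).
LOCAL_DB = {
    "alice": {"Sales"},
    "bob": {"sales"},      # differs from "Sales" only by case
    "carol": {"auditors"},
}
# Constructed sample data: logged-in clients (source IP -> username).
SESSIONS = {"192.168.10.5": "alice", "192.168.10.6": "bob"}

@dataclass(frozen=True)
class IPObject:
    name: str
    network: str
    group: str = ""        # associated Authentication Group, empty if none

def rule_applies(obj, src_ip, sessions=SESSIONS, db=LOCAL_DB):
    """True if an IP rule using obj as Source Network applies to src_ip."""
    if ipaddress.ip_address(src_ip) not in ipaddress.ip_network(obj.network):
        return False
    if not obj.group:      # assumption: no group means network match only
        return True
    user = sessions.get(src_ip)
    # Exact, case-sensitive comparison of the group string.
    return user is not None and obj.group in db.get(user, set())

def case_mismatches(objects, db=LOCAL_DB):
    """List group strings in the database that differ from an IP object's
    group only by case, with the users that carry them."""
    used = sorted({g for groups in db.values() for g in groups})
    hits = []
    for obj in objects:
        for g in used:
            if obj.group and g != obj.group and g.lower() == obj.group.lower():
                users = sorted(u for u, gs in db.items() if g in gs)
                hits.append((obj.name, obj.group, g, users))
    return hits

SALES_NET = IPObject("sales_clients", "192.168.10.0/24", "Sales")

if __name__ == "__main__":
    for ip in ("192.168.10.5", "192.168.10.6", "192.168.10.7", "10.0.0.1"):
        print(ip, rule_applies(SALES_NET, ip))
    print(case_mismatches([SALES_NET]))
```

In this model the user entered with group "sales" is logged in and inside the source network, yet the rule does not apply to them, which is the failure the case-sensitivity requirement produces in practice.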
Chapter 8. User Authentication


This manual is also suitable for: DFL-2560, DFL-2560G, DFL-260E, DFL-860E
