D-Link DFL-1660 User Manual page 394

Network security firewall

8.2.2. The Local Database
The purpose of this is to restrict access to certain networks to a particular group by having IP rules
which will only apply to members of that group. To gain access to a resource there must be an IP
rule that allows it and the client must belong to the same group as the rule's Source Network group.
Granting Administration Privileges
When a user is defined, it can also be added to two default administration groups:
The administrators group
Members of this group can log into NetDefendOS through the Web Interface as well as through
the remote CLI interface and are allowed to edit the NetDefendOS configuration.
The auditors group
This is similar to the administrators group but members are only allowed to view the
configuration and cannot change it.
PPTP/L2TP Configuration
If a client is connecting to the NetDefend Firewall using PPTP/L2TP then the following three
options can also be specified for the local NetDefendOS user database:
Static Client IP Address
This is the IP address which the client must have if it is to be authenticated. If it is not specified
then the user can have any IP. This option offers extra security for users with fixed IP addresses.
Network behind user
If a network is specified for this user then when the user connects, a route is automatically added
to the NetDefendOS main routing table. The existence of this added route means that any traffic
destined for the specified network will be correctly routed through the user's PPTP/L2TP tunnel.
When the connection to the user ends, the route is automatically removed by NetDefendOS.
Metric for Networks
If the Network behind user option is specified then this is the metric that will be used with the
route that is automatically added by NetDefendOS. If there are two routes which give a match
for the same network then this metric decides which should be used.
Specifying an SSH Public Key
With PPTP/L2TP clients, using a key is often an alternative to specifying a username and password.
A private key can be specified for a local database user by selecting a previously uploaded
Caution: Use the network option with care
The administrator should think carefully about what the consequences of using this
option will be. For example, setting this option to all-nets will possibly direct all
Internet traffic through the tunnel to this user.
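
The following is an added example, not part of the D-Link manual: an audit of the Static Client IP Address, Network behind user and Metric for Networks options against the caution above. The user and route records are constructed with hypothetical field names, and the lookup assumes the most specific matching route wins, then the lowest metric.

```python
import ipaddress

# Constructed sample data. Field names are hypothetical and do not mirror
# any NetDefendOS export format.
MAIN_ROUTES = [
    {"network": "0.0.0.0/0", "via": "wan", "metric": 100},
    {"network": "10.0.0.0/8", "via": "lan", "metric": 100},
]
USERS = [
    {"name": "branch1", "static_ip": "192.0.2.10", "network": "172.16.5.0/24", "metric": 90},
    {"name": "roadwarrior", "static_ip": None, "network": "0.0.0.0/0", "metric": 50},
    {"name": "branch2", "static_ip": None, "network": "10.0.0.0/8", "metric": 100},
]

def tunnel_route(user):
    """Route that would be added to the main table while the user is connected."""
    return {"network": user["network"], "via": "tunnel:" + user["name"], "metric": user["metric"]}

def lookup(dest, routes):
    """Assumed selection: most specific matching network, then lowest metric."""
    ip = ipaddress.ip_address(dest)
    hits = [r for r in routes if ip in ipaddress.ip_network(r["network"])]
    rank = lambda r: (-ipaddress.ip_network(r["network"]).prefixlen, r["metric"])
    return min(hits, key=rank, default=None)

def audit(user, routes):
    """Return findings for one user's network, metric and static IP settings."""
    findings = []
    net = ipaddress.ip_network(user["network"])
    if net.prefixlen == 0:
        findings.append("all-nets")  # the case the caution warns about
    for r in routes:
        if ipaddress.ip_network(r["network"]) != net:
            continue
        if user["metric"] < r["metric"]:
            findings.append("overrides route via " + r["via"])
        elif user["metric"] == r["metric"]:
            findings.append("metric tie with route via " + r["via"])
    if user["static_ip"] is None:
        findings.append("no static client IP")  # any source IP may authenticate
    return findings

if __name__ == "__main__":
    for u in USERS:
        print(u["name"], audit(u, MAIN_ROUTES))
```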
Note: Other authentication sources do not have the PPTP/L2TP option
Chapter 8. User Authentication

This manual is also suitable for: DFL-2560, DFL-2560G, DFL-260E, DFL-860E
