ZyXEL Communications ZyWall Reference Manual page 234

Chapter 26 User/Group
26.2.4.1 force-auth Sub-commands
The following table describes the sub-commands for several force-auth policy commands. Note that
not all rule commands use all the sub-commands listed here.
Table 137 force-auth policy Sub-commands
COMMAND
[no] activate
[no] authentication {force |
required}
[no] description description
[no] destination {address_object |
group_name}
[no] eps <1..8> eps_object_name
[no] eps activate
eps insert <1..8> eps_object_name
eps move <1..8> to <1..8>
[no] eps periodical-check
<1..1440>
[no] force
[no] schedule schedule_name
[no] source {address_object |
group_name}
show
26.2.4.2 Force Authentication Policy Insert Command Example
The following commands show how to insert a force authentication policy at position 1 of the
checking order. This policy applies endpoint security policies and uses the following settings:
• Activate: yes
234
DESCRIPTION
Activates the specified condition. The
specified condition.
Select the authentication requirement for users when their traffic matches
this policy. The command means user authentication is not required.
no
force: Users need to be authenticated and the ZyWALL automatically
display the login screen when users who have not logged in yet try to send
HTTP traffic.
required: Users need to be authenticated. They must manually go to the
login screen. The ZyWALL will not redirect them to the login screen.
Sets the description for the specified condition. The
description.
description: You can use alphanumeric and
characters, and it can be up to 60 characters long.
Sets the destination criteria for the specified condition. The
removes the destination criteria, making the condition effective for all
destinations.
Associates the specified End Point Security (EPS) object with the specified
condition. The ZyWALL checks authenticated users' computers against the
condition's endpoint security objects in the order of 1 to 8. You have to
configure order 1 and then the others if any. The no command removes the
specified EPS object's association with the condition.
To apply EPS for this condition, you have to also make sure you enable EPS
and set authentication to either required or force for this condition.
Enables EPS for the specified condition. The
EPS for the condition.
Inserts the specified EPS object for the condition. The number determines
the order that this EPS rule is executed in the condition.
Changes an endpoint object's position in the execution order of the
condition.
Sets a number of minutes the ZyWALL has to repeat the endpoint security
check. The command means that the ZyWALL only perform the
no
endpoint security check when users log in to the ZyWALL.
Forces users to log in to the ZyWALL if the specified condition is satisfied.
The command means that users do not log in to the ZyWALL.
no
Sets the time criteria for the specified condition. The
the time criteria, making the condition effective all the time.
Sets the source criteria for the specified condition. The
removes the source criteria, making the condition effective for all sources.
Displays information about the specified condition.
command deactivates the
no
command clears the
no
()+/:=?!*#@$_%-
command
no
command means to disable
no
command removes
no
command
no
ZyWALL (ZLD) CLI Reference Guide