Set Up User Accounts; User-Aware Access Control Example - ZyXEL Communications UAG2100 User Manual

Unified access gateway

Chapter 24 Web Authentication

Table 102 Configuration > Web Authentication > Add (continued)

| LABEL | DESCRIPTION |
| --- | --- |
| User Authentication Policy | Use this section of the screen to determine which traffic requires (or does not require) the senders to be authenticated in order to be routed. |
| Source Address | Select a source address or address group for whom this policy applies. Select any if the policy is effective for every source. This is any and not configurable for the default policy. |
| Destination Address | Select a destination address or address group for whom this policy applies. Select any if the policy is effective for every destination. This is any and not configurable for the default policy. |
| Schedule | Select a schedule that defines when the policy applies. Otherwise, select none and the rule is always effective. This is none and not configurable for the default policy. |
| Authentication | Select the authentication requirement for users when their traffic matches this policy. unnecessary - Users do not need to be authenticated. required - Users need to be authenticated. If Force User Authentication is selected, all HTTP traffic from unauthenticated users is redirected to a default or user-defined login page. Otherwise, they must manually go to the login screen. The UAG will not redirect them to the login screen. |
| Log | This field is available for the default policy. Select whether to have the UAG generate a log (log), log and alert (log alert) or not (no) for packets that match the default policy. See Chapter 41 on page 395 for more on logs. |
| Force User Authentication | This field is available for user-configured policies that require authentication. Select this to have the UAG automatically display the login screen when users who have not logged in yet try to send HTTP traffic. |
| OK | Click OK to save your changes back to the UAG. |
| Cancel | Click Cancel to exit this screen without saving. |

24.2.2 User-aware Access Control Example

You can configure many policies and security settings for specific users or groups of users. Users can be authenticated locally by the UAG or by an external (RADIUS) authentication server.

In this example the users are authenticated by an external RADIUS server at 172.16.1.200. First, set up the user accounts and user groups in the UAG. Then, set up user authentication using the RADIUS server. Finally, set up the policies in the table above.

24.2.2.1 Set Up User Accounts

Set up user accounts in the RADIUS server. This example uses the Web Configurator. If you can export user names from the RADIUS server to a text file, then you might configure a script to create the user accounts instead.

1. Click Configuration > Object > User/Group > User. Click the Add icon.
2. Enter the same user name that is used in the RADIUS server, and set the User Type to ext-user because this user account is authenticated by an external server. Click OK.
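The script approach mentioned under Set Up User Accounts, as an added example that is not from the ZyXEL manual: it turns an exported list of RADIUS user names into one account-creation line per user and refuses any name that would change what the gateway executes. The `username <name> user-type ext-user` command form and the user-name character rule are assumptions to confirm against the UAG command reference, and the sample export is constructed.

```python
import re

# Assumed conservative user-name rule (not stated on this page): a letter or
# underscore first, then letters, digits, underscores or dashes, 31 chars max.
NAME_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_-]{0,30}")

# Assumed command form; confirm it in the UAG command reference before use.
COMMAND = "username {name} user-type ext-user"

# Constructed sample of a RADIUS user-name export, one name per line.
SAMPLE_EXPORT = "alice\nbob\n\nalice\ncarol smith\n9lives\neve-01\n"


def build_script(export_text):
    """Return (script_lines, rejected) for a RADIUS user-name export."""
    script_lines, rejected, seen = [], [], set()
    for lineno, raw in enumerate(export_text.splitlines(), start=1):
        name = raw.strip()
        if not name or name.startswith("#"):
            continue  # blank line or comment in the export
        if not NAME_RE.fullmatch(name):
            # Extra words or punctuation would become part of the command,
            # so the line is refused and reported rather than "cleaned up".
            rejected.append((lineno, raw))
            continue
        if name in seen:
            continue  # the same account listed twice
        seen.add(name)
        script_lines.append(COMMAND.format(name=name))
    return script_lines, rejected


if __name__ == "__main__":
    script, bad = build_script(SAMPLE_EXPORT)
    print("\n".join(script))
    for lineno, raw in bad:
        print(f"# skipped line {lineno}: {raw!r}")
```

Review the skipped lines by hand and add those accounts through the Web Configurator steps above, so every name on the gateway still matches the RADIUS server exactly.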