Table of Contents
Advertisement
DFL-900/1500 User Manual
6.1
Demands
DFL-1500 VPN/Firewall Router supports user authentication against the internal user database, a RADIUS server or a LDAP server.
You can create a user account by adding username and password to the internal database to grant the user an access to Internet, etc.
Alternatively, you may input the IP address of a Radius server to let users to be authenticated using the server database.
6.2
Methods
To pass any of these authentications the user must use a browser. An authentication fail results to the complete inability to access
both WAN and LAN resources. To avoid the authentication, there are two options: a) to route a service through DMZ interface,
which is designed for this; or b) to add a chosen PC IP address to the Exempt Host list. For instance,
1. If PCs under LAN interfaces cannot pass the authentication, they will not be allowed to access WAN, LAN and DMZ
resources.
2. If PCs like servers are located under DMZ, the authentication is not necessary.
3. If you put a server under LAN, you have to add its IP address to the Exempt Host list in order to access its resources.
There are four steps to configure the authentication:
1.
Setting authentication timeout.
2.
Configuring the Authentication Type.
3.
Configuring the Authentication Setting.
4.
Configuring the Exempt Host.
6.3
Steps
6.3.1 Local Setting
Step 1.
Enable Authentication
Check the Enable Authentication checkbox.
Set Authentication timeout to control how long
authenticated firewall connections are valid.
Select the Authentication Type.
This chapter introduces user authentication and explains how to implement it.
Basic Setup > Authentication > Authentication
55
Chapter 6
Authentication
Chapter 6
Authentication
Advertisement
Table of Contents
Troubleshooting
