Table of Contents
Advertisement
Appendix G. Policy Priority
Global Policy, Service Zone Policy, Authentication Policy and User
Policy
WHG-505 supports multiple Policies, including one Global Policy and 40 individual Policy can be assigned to
different Group. Global Policy is the system's universal policy and applied to all clients, while other individual Policy
can be selected and defined to be applied to any Service Zone. On the other hand, Service Zone also has a Default
Policy. For some authentication, such as Local, RADIUS and LDP, user can assign to different Group individually.
The clients belonging to a Service Zone will be bound by an applied Policy. In addition, a Policy can be applied at a
Group basis; a Group of users can be bound by a Policy. So one user may be applied different policy at the same
time. Which policy is actually applied to this user?
The Policy Priority must be:
User Policy >> Authentication Policy >> Service Zone Policy >> Global Policy
Now, let us discus different user policy type:
16.9..1
For Local, RADIUS and LDAP, if these users are assigned to different Group individually, these users can
be assigned to their Group. For example, a Local user, user01, is assigned to Group1 and the Local
Authentication is assigned to Group2. If Group1 in Service Zone1 can be applied Policy1. Then user01 login to
Service Zone1 will get Policy1. This is a common case for users that can assign Group individually.
16.9..2
For Local, RADIUS and LDAP, if these users do not assigned any Group individually, so they are same as
other authentication server users that they can not assign to Group individually. For example, a POP3 user,
pop01, the POP3 Authentication is assigned to Group1. If Group1 in Service Zone1 can be applied Policy1.
Then pop01 login to Service Zone1 will get Policy1. This is another common case for users that can assign
Group by authentication server.
16.9..3
If Authentication server also do not assign to a Group, then the user will applied the Service Zone Default
Policy. For example, a Local user, user01, is assigned to Group None and the Local Authentication is also
assigned to Group None. If the Default Policy of Service Zone1 is applied Policy1. Then user01 login to
Service Zone1 will get Policy1.
16.9..4
If the Default Service Zone Policy is None. Authentication server does not assign to a Group and user
Group is None too. For example, a Local user, user01, is assigned to Group None and the Local Authentication
is also assigned to Group None. If the Default Policy of Service Zone1 is None. Then user01 login to Service
Zone1 will apply the Global Policy.
So, the Global Policy has the lowest policy priority; on the other hand, the User Policy will be the highest one.
285
Advertisement
Table of Contents
