ZyXEL Communications ZyWall USG20-VPN User Manual page 457


USG20(W)-VPN Series User's Guide
Chapter 29 Object

Note: If the USG tries to authenticate an ext-user using the local database, the attempt always fails.

Once an ext-user has been authenticated, the USG tries to get the user type (see Table 178 on page 456) from the external server. If the external server does not have the information, the USG sets the user type for this session to User.

For the rest of the user attributes, such as reauthentication time, the USG checks the following places, in order.

1. User account in the remote server.
2. User account (Ext-User) in the USG.
3. Default user account for AD users (ad-users), LDAP users (ldap-users) or RADIUS users (radius-users) in the USG.

See Setting up User Attributes in an External Server on page 469 for a list of attributes and how to set up the attributes in an external server.

Ext-Group-User Accounts

Ext-Group-User accounts work similarly to ext-user accounts but allow you to group users by the value of the group membership attribute configured for the AD or LDAP server. See Section 29.8.5.1 on page 506 for more on the group membership attribute.

User Groups

User groups may consist of user accounts or other user groups. Use user groups when you want to create the same rule for several user accounts, instead of creating separate rules for each one.

Note: You cannot put access users and admin users in the same user group.
Note: You cannot put the default admin account into any user group.

The sequence of members in a user group is not important.

User Awareness

By default, users do not have to log into the USG to use the network services it provides. The USG automatically routes packets for everyone. If you want to restrict network services that certain users can use via the USG, you can require them to log in to the USG first. The USG is then 'aware' of the user who is logged in and you can create 'user-aware policies' that define what services they can use. See Section 29.2.6 on page 468 for a user-aware login example.

Finding Out More

• See Section 29.2.6 on page 468 for some information on users who use an external authentication server in order to log in.
• The USG supports TTLS using PAP so you can use the USG's local user database to authenticate users with WPA or WPA2 instead of needing an external RADIUS server.
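The ext-user attribute lookup order described above can be modelled to audit which source ends up supplying each session attribute. This is an added example, not ZyXEL code or configuration syntax; the dictionary layout, the attribute keys `user_type` and `reauth_time`, and the sample accounts are assumptions constructed for illustration.

```python
# Model of the ext-user lookup order described in the manual text; not ZyXEL code.
# Attribute keys ("user_type", "reauth_time") and the dict layout are assumptions.
DEFAULT_ACCOUNT = {"ad": "ad-users", "ldap": "ldap-users", "radius": "radius-users"}


def authenticate(username, method, server_accounts):
    """An ext-user can only be authenticated by the external server."""
    if method == "local":
        return False  # a local-database attempt always fails for an ext-user
    return username in server_accounts


def resolve_session(username, server_type, server_accounts, usg_accounts, attrs):
    """Return {attribute: (value, source)} for an authenticated ext-user."""
    remote = server_accounts.get(username, {})
    # The user type is taken from the external server only; otherwise "User".
    if "user_type" in remote:
        session = {"user_type": (remote["user_type"], "remote server")}
    else:
        session = {"user_type": ("User", "fallback")}
    default_name = DEFAULT_ACCOUNT[server_type]
    # Lookup order for every other attribute: first match wins.
    chain = [
        ("remote server", remote),
        ("ext-user account", usg_accounts.get(username, {})),
        (default_name, usg_accounts.get(default_name, {})),
    ]
    for attr in attrs:
        for source, account in chain:
            if attr in account:
                session[attr] = (account[attr], source)
                break
    return session


# Constructed sample data (not taken from a real device or directory).
SERVER = {"alice": {"user_type": "admin", "reauth_time": 30}, "bob": {}, "carol": {}}
USG = {"bob": {"reauth_time": 60}, "ldap-users": {"reauth_time": 1440}}

if __name__ == "__main__":
    for name in SERVER:
        print(name, resolve_session(name, "ldap", SERVER, USG, ["reauth_time"]))
```

Accounts that resolve to the default account (here `carol`) are the ones worth reviewing, since their session settings are inherited rather than set per user.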


This manual is also suitable for:

Zywall usg20w-vpn
