Stormshield SN series Configuration Manual page 132

User
Source hosts
Incoming interface
Click on Ok to confirm your configuration.
Filter rules with a user@object source type (except any or unknown@object), and with a
protocol other than HTTP, do not apply to Multi- user Objects ( Authentication >
Authentication policy). This behavior is inherent in the packet treatment mechanism used
by the intrusion prevention engine.
"Geolocation/Reputation" tab
Geolocation
Select a region
Page 132/448
The rule will apply to the user that you select in this field.
You can filter the display of users according to the desired method or LDAP directory
by clicking on
in the Authentication module and LDAP directories defined in the Directory
configuration module) will be presented in this filter list.
Depending on the authentication method, several generic users will be suggested:
"Any user@any": refers to any authenticated user, regardless of the directory or
l
authentication method used.
" Any user@guest_ users.local.domain ": refers to any user authenticated via the
l
"Guest" method.
"Any user@voucher_users.local.domain": refers to any user authenticated via the
l
"Temporary accounts" method.
"Any user@sponsored_users.local.domain": refers to any user authenticated via the
l
"Sponsorship" method.
"Any user@none": refers to any user authenticated via a method that does not rely
l
on an LDAP directory (e.g.: Kerberos).
"Unknown users": refers to any unknown or unauthenticated user.
l
NOTE
In order for unauthenticated users to be automatically redirected to the captive
portal, at least one rule must be defined, applying to the object "unknown
users". This rule will also apply when an authentication expires.
The rule will apply to the object or the user (created beforehand in the dedicated
menu: Objects>Network objects that you select in this field. The source host is the
host from which the connection originated.
You can Add or Delete one or several objects by clicking on
by clicking on the icon.
Interface on which the filter rule applies, presented in the form of a drop-down list. By
default, the firewall selects it automatically according to the operation and source IP
addresses.
It can be modified to apply the rule to another interface. This also allows specifying a
particular interface if "Any" has been selected as the source host.
NOTE
This field allows applying the filter rule to source hosts with a public IP address
belonging to countries, continents or geographic groups (group of countries and/or
continents defined beforehand in the Objects > Network objects module).
. Only enabled directories and methods (Available methods tab
sns-en-user_configuration_manual-v3 - Copyright © Stormshield 2016
SNS - USER CONFIGURATION MANUAL V.3
FILTERING AND NAT
and Create an object