Stormshield SN series Configuration Manual page 21


SNS - USER CONFIGURATION MANUAL V.3
sns-en-user_configuration_manual-v3 - Copyright © Stormshield 2016
Page 21/448

ACCESS PRIVILEGES

State: Status of the access privilege configuration for the user or user group:
- Enabled: Double-click anywhere in the column to enable the created rule.
- Disabled: The rule is not in operation. The line will be grayed out in order to reflect this.

REMARK
The firewall will assess rules in their order of appearance on the screen: one by one from the top down. They are numbered likewise on the left side of the column.
If Rule 1 affects a user group, all users involved in the rules that follow and which are part of this same group will be subject to its configuration.
Example: If in Rule 1, you deny a user group authentication and/or access to the SSL VPN and if the user in Rule 2 can authenticate via the LDAP and has a particular SSL VPN profile but is part of the group, this user will be blocked, and will have neither access to authentication nor to the SSL VPN.

User-user group: When a new line is added to the table, you can select the user or the user group you wish to configure. To do so, click on the arrow to the right of the column, which will display a drop-down list offering you a choice of several CNs created earlier, in the menu Users\Users module.

NOTE
It is also possible to add users who are not in the LDAP database, for example, for the KERBEROS and RADIUS methods.

SSL VPN Portal: This column allows you to assign a particular SSL VPN profile to a user or user group, configured beforehand in the menu VPN\SSL VPN module\User profiles tab.
You may also select the Default option, which will take into account the default SSL VPN profile entered in the previous tab (Default options).
If you select Deny, the user or user group will not have access to any SSL VPN profiles, contrary to the option All profiles, which will provide access to all web and application servers that have been enabled in the user profiles.

IPSEC: In this field, it is possible to Block or Allow users the privilege of negotiating IPSec VPN tunnels.
Depending on your selection, internal users and user groups will or will not be able to communicate over your private protected IP networks, thereby allowing their data to be transmitted securely.

REMARK
The IPSec privilege only concerns tunnels:
- with pre-shared key authentication and e-mail address logins, or
- with authentication by certificate.

SSL VPN: In this field, it is possible to Block or Allow users the privilege of negotiating SSL VPN tunnels. Depending on your selection, the internal users and user groups specified will or will not be able to communicate over your private protected IP networks, thereby allowing their data to be transmitted securely.

Sponsorship: Depending on your selection, users or user groups will or will not be able to validate sponsorship requests submitted from the captive portal.

Description: Comments describing the user, user group or the rule.

REMARKS
When you add lines to the table without having set up any rules, the columns Authentication, SSL VPN and IPSEC will be set to "Deny" by default, even if you have
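The top-down evaluation described in the REMARK on rule order means a later per-user rule can be silently overridden by an earlier group rule, which is worth auditing offline. The sketch below is an added example, not Stormshield code: the `Rule` fields, the `GROUPS` membership map and the sample table are constructed for illustration, and it assumes a user matched by no rule simply has no effective rule (`None`).

```python
from dataclasses import dataclass

# Constructed directory data (assumption): group name -> member logins.
GROUPS = {"contractors": {"alice", "bob"}, "admins": {"carol"}}

@dataclass
class Rule:
    subject: str        # value of the "User-user group" column
    enabled: bool       # "State" column
    ssl_vpn: str        # "SSL VPN" column: "Allow" or "Block"
    ipsec: str          # "IPSEC" column: "Allow" or "Block"

def members(rule):
    """Users a rule applies to: the group's members, or the single user."""
    return set(GROUPS.get(rule.subject, {rule.subject}))

def effective_rule(rules, user):
    """First enabled rule, top down, covering the user: (number, rule) or None."""
    for number, rule in enumerate(rules, start=1):
        if rule.enabled and user in members(rule):
            return number, rule
    return None

def shadowed_rules(rules):
    """Enabled rules that never apply because earlier enabled rules already
    cover every user they name: {rule number: [earlier rule numbers]}."""
    findings, seen = {}, {}      # seen: user -> number of first covering rule
    for number, rule in enumerate(rules, start=1):
        if not rule.enabled:
            continue             # disabled rules are not in operation
        users = members(rule)
        if users and all(u in seen for u in users):
            findings[number] = sorted({seen[u] for u in users})
        for u in users:
            seen.setdefault(u, number)
    return findings

# Constructed table mirroring the manual's example (group blocked in rule 1).
TABLE = [
    Rule("contractors", True, ssl_vpn="Block", ipsec="Block"),
    Rule("alice", True, ssl_vpn="Allow", ipsec="Allow"),
    Rule("admins", False, ssl_vpn="Block", ipsec="Block"),
    Rule("carol", True, ssl_vpn="Allow", ipsec="Block"),
]

if __name__ == "__main__":
    for user in ("alice", "carol", "dave"):
        print(user, effective_rule(TABLE, user))
    print("shadowed:", shadowed_rules(TABLE))
```

Rule 2 is reported as shadowed by rule 1, while rule 4 still applies to its user because the group rule above it is disabled.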
