Authentication Policy" Tab; Actions On The Rules Of The Authentication Policy - Stormshield SN series Configuration Manual

"Authentication policy" tab

The filter table allows you to define the rules of the authentication policy to be applied through
the firewall. High-priority rules are placed on top. The firewall executes rules in their order of
appearance in the list (rule no. 1, 2 and so on) and stops as soon as it reaches a rule that
matches the traffic that it processes. It is therefore important to define rules from most specific
to most general.
If no rules have been defined in the policy or if the traffic does not match any of the specified
rules, the Default method will be applied. If this method has not been configured or the action has
been set to Block, all authentication attempts will be denied.

Actions on the rules of the authentication policy

Search by user
New rule
Delete
Move up
Move down
Cut
Page 53/448
This field allows searching by user login. The rules assigned to this user appear in the
table.
Example: If you enter "user1" in the field, all rules in the policy with "user1" as their
source will appear in the table.
Inserts a rule – predefined or to be defined – after the selected line. There are 2
possible choices.
Standard rule: an authentication wizard will appear when this is selected. Please
l
refer to the following chapter to see the options offered in each screen.
Guest method rule: this wizard offers to create an authentication rule through the
l
Guest method. This method cannot be combined with other methods within the
same rule as it does not require authentication.
NOTE
The User object to select to match the Guest method is "All".
NOTE
This method is incompatible with multi-user objects; all users connected in
Guest mode must have different IP addresses.
Temporary account rule: this wizard offers to create an authentication rule through
l
the Temporary account method. This method cannot be combined with other
methods within the same rule.
Sponsorship rule: this wizard offers to create an authentication rule through the
l
Sponsorship method. This method cannot be combined with other methods within
the same rule as it does not require authentication.
Separator – rule grouping : This option allows inserting a separator above the
l
selected line and helps to improve the authentication policy's readability and
visibility.
It may allow the administrator to prioritize rules, for example, or group those that
redirect traffic to different servers. You can collapse or expand the node of the
separator in order to show or hide the rule grouping. You can also copy/paste a
separator from one location to another.
Deletes the selected line.
Places the selected line before the line just above it.
Places the selected line after the line just below it.
Allows you to cut an authentication rule in order to move it.
SNS - USER CONFIGURATION MANUAL V.3
sns-en-user_configuration_manual-v3 - Copyright © Stormshield 2016
AUTHENTICATION