User Authentication Setup For Web Access - D-Link NetDefendOS User Manual

With this setup, when users that are not authenticated try to surf to any IP except lan_ip they will
fall through the rules and their packets will be dropped. To always have these users come to the
authentication page, a SAT rule and its associated Allow rule must be added. The rule set will now
look like this:
# Action
1 Allow
2 NAT
3 NAT
4 SAT
5 Allow
The SAT rule catches all unauthenticated requests and must be set up with an all-to-one address
mapping that directs them to the address 127.0.0.1 which corresponds to core (NetDefendOS
itself ).
Example 8.4. User Authentication Setup for Web Access
The configurations below shows how to enable HTTP user authentication for the user group
lan_group on lannet. Only users that belong to the group users can get Web browsing service
after authentication, as it is defined in the IP rule.
It is assumed that the authentication IPv4 address object lan_users_net has been defined and this
has its Groups property set to lan_group. The group lan_group has been used as the Groups
property of individual users in the lan_users database.
Web Interface
A. Set up an IP rule to allow HTTP authentication.
1. Go to: Policies > Firewalling > Main IP Rules > Add > IP Rule
2. Now enter:
• Name: http_auth
• Action: Allow
• Service: http-all
• Source Interface: lan
• Source Network: lannet
• Destination Interface core
• Destination Network lan_ip
3. Click OK
B. Set up an Authentication Rule
1. Go to: Policies > User Authentication > Authentication Rules > Add > User
Authentication Rule
Src Interface Src Network
lan lannet
lan trusted_users
lan lannet
lan lannet
lan lannet
629
Chapter 8: User Authentication
Dest Interface Dest Network
core lan_ip
wan all-nets
wan all-nets
wan all-nets
all-to-one
127.0.0.1
wan all-nets
Service
http-all
http-all
dns-all
http-all
http-all