Configuring Local User Groups; Configuring External Users; Configuring External User Groups - Juniper NETWORK AND SECURITY MANAGER 2010.2 - ADMINISTRATION GUIDE REV1 Administration Manual

Network and Security Manager Administration Guide

Configuring Local User Groups

Configuring External Users

Configuring External User Groups

Click OK to save the user object.

Configuring Local User Groups

Organize local users in groups to add multiple users at one time to a security policy, and
to manage the members without changing the policy. To add a local user group object:

1. In the navigation tree, double-click the Object Manager, select User Objects, then
   select Local Users. In the main display area, click the Add icon and select New >
   Group to display the New Local User Group dialog box.
2. Enter a name, color, and comment for the local user group.
3. Configure the members of the group:
   - To add members, select users from the Non-members list and click Add. Use
     Ctrl-click to select multiple users, or click Add All to add all users in the
     Non-members list to the group.
   - To remove members, select users in the Members list and click Remove. Use
     Ctrl-click to select multiple users, or click Remove All to remove all users in
     the Members list from the group.
4. Click OK to save the local user group.

Configuring External Users

External user objects represent users whose accounts are maintained and authenticated
on devices that are not managed by NSM, such as an external RADIUS or SecurID server.
When an external user is included in a security policy (under Authentication rule options),
the security device uses the external server to authenticate that user.

To configure an external user:

1. In the navigation tree, double-click the Object Manager, select User Objects, then
   select External Users. In the main display area, click the Add icon and select New
   to display the New External User dialog box.
2. Enter a name, color, and comment for the external user.
3. Click OK to save the external user object.

Configuring External User Groups

External User Group objects represent user groups that are managed on non-security
devices, such as an external RADIUS or SecurID server. When an external user group is
included in a security policy (under Authentication rule options), the security device uses
the external server to authenticate those users.

To use an external user group in a VPN, however, you must also create local user objects
with IKE authentication for each external user. In phase 1 of IKE negotiations, the security
device authenticates the external user group using the RADIUS server. In phase 2 of IKE
negotiations, the device uses the local user object or local user group for authentication.
Typically, you configure the local user object with IKE authentication and a U-FQDN
Copyright © 2010, Juniper Networks, Inc.
